We have compiled a list of recommendations to protect your WordPress as much as possible . Being the most widely used content manager in the world, it is quite common to receive attacks from hackers, brute force attacks and robots. If you have all the options checked by default, you could have a security problem that leaves you without a website or includes malicious code. Take a look at which of these actions you can take to be much more protected.
icons-02-861. Do not use the wp_ prefix for the database
From the first moment of installing WordPress you have to specify a series of information that you have to enter so that WordPress can communicate with the database.
Most of this information is provided to you by your hosting provider, such as the database name, username, and password. But there is one decision to make: deciding on the prefix of the tables that will be created for WordPress.
By default, on this screen the prefix offered is wp_, so your tables australia telegram phone numbers be such that wp_options, wp_comments, wp_posts, etc.
And of course, this is something that every hacker knows, and it is free information that we give to any potential attacker , who knows that if you do not do a secure installation the WordPress tables – which are standard – will have those full names if you do not change the prefix.
change table prefix wordpress installation
So the first place you should start securing WordPress is before you even install it , in this step: change the default table prefix ( wp_) to something of your choice, for example wptabla_or X1jM_or whatever you want. The important thing is not how long or complicated it is, but that you at least don't leave the prefix as the default.
icons-02-622. Do not use the admin user to access WordPress
Another decision we have to make during the installation of WordPress is the name of the first user to access the administration of our website , a user who by default will have full management permissions for it.
For years, WordPress has offered a default username, which of course you should not use. So when choosing the name for your first user to access WordPress, do not choose common names for this task, such as admin , Admin , root , etc., since these are the first names that a hacker who wants to take over your website will check.
Change username and strong passwords when installing wordpress
icons-02-643. Use a strong password
I know it's hard to get you to listen to this basic trick, but it's critical that you realize that the easier a password is for you to remember, the easier it will be for attackers' automated brute force login systems to crack it.
WordPress, in its latest versions, includes a secure password generator and “suggests” that you use it. This will always be the best option. You can, however, skip this recommendation and set a simple, insecure password, but you would be committing the main and most important security error of all possible.
Nowadays, it is unnecessary to use easy passwords, as all browsers offer the possibility of remembering them for you on your computer. So always use strong passwords , which contain lowercase letters, uppercase letters, numbers and special characters.
If you have many registered users, you can even force password changes so that they are all secure, including the administrators' passwords. For example:
Forcing password changes every 30 days
Resetting all passwords
icons-02-754. Always use the latest version of WordPress
If there is anything dangerous, it is working on a network with outdated or insufficiently updated software. Hackers usually attack sites with old, outdated versions , as they tend to be more vulnerable as they do not have sufficient protection against known types of attacks.
Fortunately, WordPress offers an automatic update system, both for the WordPress core itself and for plugins and themes.