First of all, you must know that 100% security does not exist on the Internet, nor in any other field. Often our first instinct is to think that the host is responsible.
But you should know that a web host is a bit like the owner of a building who rents out apartments.
The owner makes sure that the foundations and the amenities needed for everything to function properly are maintained, but cannot be held responsible if you lose your keys, for whom you lend them to, or if you have no alarm system or security door.
You should also know that WordPress is a very secure content management software, but no system, however highly protected, is infallible. Hacking is an endless problem.
The more steps are taken to secure WordPress and the more updates WordPress offers to improve security, the more hackers redouble their ingenuity to outwit the traps.
These are basic technical guidelines for beginners, but it is good to know them.
- Make updates to WordPress and plugins regularly.
- A WordPress installation needs 3 types of passwords: one for FTP, one for the database, one to connect to the admin. Obviously, the more people these passwords are shared among, the more the risks increase. Tip: If one of your colleagues, employees or suppliers ends their relationship with your project, change these passwords.
- Use strong passwords (uppercase, lowercase, numbers, special characters).
Other fairly useful tips
- Hide the WordPress version you are using.
- Rename the prefix for WordPress tables in the database.
- If your blog is not installed in a subdirectory, you can put the wp-config.php file in the parent folder.
- Protect access to wp-config.php via .htaccess.
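The script below checks a WordPress folder for three of these tips: the table prefix, the location of wp-config.php and its .htaccess protection. It is an added example, not part of the original post; the function names `audit_wp` and `htaccess_denies_config`, the warning messages and the sample prefix `blog7_` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress directory against three of the tips above.
# Function names and messages are this example's own, not part of WordPress.

# Succeeds if .htaccess has a <Files> block for wp-config.php that denies access.
htaccess_denies_config() {
    awk '{ l = tolower($0) }
         l ~ /<files(match)?[^>]*wp-config/ { blk = 1; next }
         l ~ /<\/files/                     { blk = 0 }
         blk && (l ~ /deny from all/ || l ~ /require all denied/) { ok = 1 }
         END { exit ok ? 0 : 1 }' "$1" 2>/dev/null
}

# Prints one WARN line per finding; prints nothing for a hardened site.
audit_wp() {
    root=$1
    # WordPress looks for wp-config.php in its own folder first, then one level up.
    if [ -f "$root/wp-config.php" ]; then
        config="$root/wp-config.php"; in_webroot=1
    elif [ -f "$root/../wp-config.php" ]; then
        config="$root/../wp-config.php"; in_webroot=0
    else
        echo "WARN: wp-config.php not found in $root or its parent"; return 0
    fi
    # Tip: rename the table prefix (wp_ is the default).
    if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$config"; then
        echo "WARN: default table prefix wp_ is in use"
    fi
    # Tip: a config file left in the web root needs an .htaccess deny rule.
    if [ "$in_webroot" -eq 1 ] && ! htaccess_denies_config "$root/.htaccess"; then
        echo "WARN: wp-config.php is in the web root without an .htaccess deny rule"
    fi
}

# Constructed sample site in a temporary folder (not a real installation).
demo=$(mktemp -d)
printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$demo/wp-config.php"
audit_wp "$demo"
# Apply the two fixes (constructed prefix blog7_), then audit again.
printf '%s\n' '<?php' "\$table_prefix = 'blog7_';" > "$demo/wp-config.php"
printf '%s\n' '<Files wp-config.php>' 'Require all denied' '</Files>' > "$demo/.htaccess"
audit_wp "$demo"
rm -rf "$demo"
```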
OK, so once these steps are completed, you are better protected, but not invulnerable. Next we must set up monitoring, backups and a plan B in case your site gets nibbled like a piece of Swiss cheese by a greedy mouse:
- Login LockDown is a plugin that protects access to your admin. If someone tries to log in and the operation fails several times, access is blocked for a specified period. You decide the number of attempts and the length of the lockout period.
- Install the Antivirus plugin, which can scan your theme for flaws and viruses.
- Install the WP Database Back-up plugin to receive a backup of your database by email at a frequency of your choice. That way your backup does not remain on the server; it is outside, warm in your email box.
- Install the WordPress Security Scan plugin, which will regularly send you alerts on everything that happens on your website: WordPress and plugin updates to make, possible vulnerabilities, server inactivity, etc.
- Install the Secure WordPress plugin, which will perform the tasks that I mentioned in the fairly useful tips.
I have a final recommendation so you can sleep peacefully. This is VaultPress, a plugin developed by Automattic, the parent company of WordPress.
This is a paid plugin ($15 / month), and it keeps your site continuously connected to the WordPress servers. The site is regularly scanned and backed up.
What is interesting is that even if you have done your homework and an incident still occurs, you can quickly restore your site in a few clicks.
In addition, you have access to engineers and technicians to advise you and guide you on how to proceed.
For spam comments, there is of course also Akismet from Automattic, an excellent high-performance plugin.