{"id":94336,"date":"2022-09-16T15:26:43","date_gmt":"2022-09-16T13:26:43","guid":{"rendered":"https:\/\/happybrain.it\/?p=94336"},"modified":"2022-09-16T15:27:10","modified_gmt":"2022-09-16T13:27:10","slug":"sicurezza-di-wordpress","status":"publish","type":"post","link":"https:\/\/happybrain.it\/en\/2022\/09\/16\/sicurezza-di-wordpress\/","title":{"rendered":"How to improve WordPress security"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column column_width_percent=&#8221;80&#8243; gutter_size=&#8221;3&#8243; overlay_alpha=&#8221;50&#8243; shift_x=&#8221;0&#8243; shift_y=&#8221;0&#8243; shift_y_down=&#8221;0&#8243; z_index=&#8221;0&#8243; medium_width=&#8221;0&#8243; mobile_width=&#8221;0&#8243; width=&#8221;1\/1&#8243;][vc_empty_space empty_h=&#8221;1&#8243;][vc_custom_heading heading_semantic=&#8221;h1&#8243; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;184248&#8243;]Did you know that 43.3% of websites use WordPress?[\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;180953&#8243;]Its success may owe much to an administration panel that is very intuitive, easy to use and customizable.<br \/>\nWith WordPress you can create simple websites, but also more complex projects, thanks to a marketplace full of plugins that add a lot of useful functionality.<\/p>\n<p>This is also possible because WordPress is open source, which means it can be downloaded, studied, analyzed and updated by any developer.<br \/>\nSince not everyone online has good intentions, you will need to spend time making sure that your site is protected from any hacker attack.<\/p>\n<p>What are <strong>the points hackers can exploit<\/strong> to attack your site?<\/p>\n<ul>\n<li>Software<\/li>\n<li>Themes and plugins<\/li>\n<li>Brute-force attacks<\/li>\n<li>Malware<\/li>\n<li>Hosting environments<\/li>\n<\/ul>\n<p>To avoid your site becoming vulnerable, 
here are a few tips.[\/vc_column_text][vc_single_image media=&#8221;94373&#8243; media_width_percent=&#8221;100&#8243; alignment=&#8221;center&#8221; uncode_shortcode_id=&#8221;140202&#8243;][vc_empty_space empty_h=&#8221;2&#8243;][vc_custom_heading heading_semantic=&#8221;h5&#8243; text_size=&#8221;h5&#8243; text_weight=&#8221;500&#8243; text_transform=&#8221;uppercase&#8221; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;998989&#8243;]Protect your device[\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;886491&#8243;]Keeping your computer (especially if it\u2019s a personal computer) free from viruses and malware is the first step to avoid hacker attacks. The environment where you host your website must be safe. Use a reliable antivirus that runs frequent scans. Some viruses are designed to steal passwords while you use your browser.[\/vc_column_text][vc_custom_heading heading_semantic=&#8221;h5&#8243; text_size=&#8221;h5&#8243; text_weight=&#8221;500&#8243; text_transform=&#8221;uppercase&#8221; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;119221&#8243;]Update WordPress and its Plugins[\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;121390&#8243;]According to research, 29% of attacks come from outdated themes and 22% from plugins. When you access the WordPress panel, always check whether any update is available. Remember to apply updates periodically, after backing up the project. New core and plugin versions usually include fixes, security fixes among them! Also remember not to install or activate any plugin that you\u2019re not using.<\/p>\n<p>N.B. 
If you need to add a new plugin, make sure it has been updated recently, that no user has written a bad review about it, and that no security problem is reported in its support section.<br \/>\n[\/vc_column_text][vc_custom_heading heading_semantic=&#8221;h5&#8243; text_size=&#8221;h5&#8243; text_weight=&#8221;500&#8243; text_transform=&#8221;uppercase&#8221; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;152278&#8243;]Safe hosting environment[\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;421934&#8243;]Most websites are hacked because of vulnerabilities in the server. It\u2019s really important that the space where you host your website is protected and safe. Make sure that there are firewalls with a high level of security. In the last few years, various services have been built for WordPress, ranging from automatic periodic file scans to more advanced systems. Always use the latest PHP version available, to make your site safer and faster!<br \/>\n[\/vc_column_text][vc_custom_heading heading_semantic=&#8221;h5&#8243; text_size=&#8221;h5&#8243; text_weight=&#8221;500&#8243; text_transform=&#8221;uppercase&#8221; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;871928&#8243;]Strong passwords[\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;521782&#8243;]The choice of your login password is fundamental to the security of your site. Choose a string that includes uppercase and lowercase letters, numbers and special characters.<br \/>\nAlso, don\u2019t use the same password for different services and remember to update it periodically. 
Use the ones WordPress suggests, or <a href=\"https:\/\/www.lastpass.com\/it\/features\/password-generator\" target=\"_blank\" rel=\"noopener\"><strong>create your own from here.<\/strong><\/a>[\/vc_column_text][vc_custom_heading heading_semantic=&#8221;h5&#8243; text_size=&#8221;h5&#8243; text_weight=&#8221;500&#8243; text_transform=&#8221;uppercase&#8221; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;197138&#8243;]Use the HTTPS protocol[\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;944151&#8243;]Install an SSL certificate on your site. It encrypts incoming and outgoing data, increases the trust and credibility of your website and, for Google, it\u2019s also a ranking factor! For some years now, browsers have warned the user and blocked navigation when this protocol is missing.<\/p>\n<p><em>N.B. There are different kinds of SSL certificates; make sure you choose the right one for your project. For example, if you accept payments on your site, consider using a certificate that displays information about your brand, so users will trust you more!<\/em><br \/>\n[\/vc_column_text][vc_custom_heading heading_semantic=&#8221;h5&#8243; text_size=&#8221;h5&#8243; text_weight=&#8221;500&#8243; text_transform=&#8221;uppercase&#8221; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;143911&#8243; subheading=&#8221;and personalize HTTP Header security&#8221;]Hide the WordPress version [\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;309856&#8243;]The XML-RPC validation service that\u2019s included in WordPress is usually the target of brute-force attacks.<br \/>\nThat\u2019s why disabling it is always a good idea. 
There are some plugins that allow you to do it very easily, or you can ask your hosting provider to do it.<\/p>\n<p>Also hide the WordPress version you\u2019re using, which is usually shown in the source code of the page, to make the hacker&#8217;s life harder. You can do it by adding this code to your functions.php file:<\/p>\n<pre><strong>function wpversion_remove_version() {<\/strong>\r\n<strong>return '';<\/strong>\r\n<strong>}<\/strong>\r\n<strong>add_filter('the_generator', 'wpversion_remove_version');<\/strong><\/pre>\n<p>Delete the readme.html file, because the version is also reported there! Check your project on <strong><a href=\"https:\/\/securityheaders.io\/\" target=\"_blank\" rel=\"noopener\">securityheaders.io<\/a><\/strong>.[\/vc_column_text][vc_empty_space empty_h=&#8221;2&#8243;][vc_custom_heading heading_semantic=&#8221;h5&#8243; text_size=&#8221;h5&#8243; text_weight=&#8221;500&#8243; text_transform=&#8221;uppercase&#8221; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;121942&#8243;]Protect your login data[\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;188696&#8243;]Another simple trick is to change the login address of your administration panel. Customizing the link can make life harder for automated bots. Enable two-factor authentication and a lockout after too many failed login attempts or a login attempt with a nonexistent username. 
There are a lot of plugins that can help you with that!<br \/>\n[\/vc_column_text][vc_custom_heading heading_semantic=&#8221;h5&#8243; text_size=&#8221;h5&#8243; text_weight=&#8221;500&#8243; text_transform=&#8221;uppercase&#8221; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;171221&#8243;]Change the table prefix[\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;141056&#8243;]During installation, WordPress creates the database tables for you through a guided interface. Remember to specify a custom table prefix using a short string.[\/vc_column_text][vc_single_image media=&#8221;94341&#8243; media_width_percent=&#8221;100&#8243; alignment=&#8221;center&#8221; uncode_shortcode_id=&#8221;150932&#8243;][vc_custom_heading heading_semantic=&#8221;h5&#8243; text_size=&#8221;h5&#8243; text_weight=&#8221;500&#8243; text_transform=&#8221;uppercase&#8221; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;857015&#8243;]File wp-config.php[\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;114055&#8243;]The wp-config.php file is one of the most important in WordPress.<br \/>\nIt contains the security keys, which are random values that improve encryption. [\/vc_column_text][vc_single_image media=&#8221;94342&#8243; media_width_percent=&#8221;100&#8243; alignment=&#8221;center&#8221; uncode_shortcode_id=&#8221;959587&#8243;][vc_column_text uncode_shortcode_id=&#8221;726207&#8243;]We advise you to protect access to it by adding this rule to your .htaccess file:<\/p>\n<pre><strong><i>&lt;files wp-config.php&gt;\r\n<\/i><i>order allow,deny\r\n<\/i><i>deny from all\r\n<\/i><i>&lt;\/files&gt;<\/i><\/strong><\/pre>\n<p>Under the Appearance menu there is, by default, an Editor item through which it is possible to modify the code of the theme and of the installed plugins. 
It\u2019s easy to see how, if your login is compromised, anyone could access this section and irreparably modify your files. Don\u2019t be scared though! Disabling this function is really simple.<br \/>\nJust add this code to your wp-config.php file.<\/p>\n<pre><em><strong>define('DISALLOW_FILE_EDIT', true);<\/strong><\/em><\/pre>\n<p>[\/vc_column_text][vc_custom_heading heading_semantic=&#8221;h5&#8243; text_size=&#8221;h5&#8243; text_weight=&#8221;500&#8243; text_transform=&#8221;uppercase&#8221; separator=&#8221;under&#8221; separator_color=&#8221;yes&#8221; sub_reduced=&#8221;yes&#8221; uncode_shortcode_id=&#8221;209902&#8243;]Plan your backups[\/vc_custom_heading][vc_column_text uncode_shortcode_id=&#8221;148950&#8243;]Schedule daily backups of your site. This allows you to restore, at any moment, the last version before a possible attack, losing as little data, content and information as possible.<br \/>\nMake sure you restore a version from before the breach, so you don\u2019t run into the same problem again.<br \/>\nUse <a href=\"https:\/\/sitecheck.sucuri.net\" target=\"_blank\" rel=\"noopener\"><strong>this online tool<\/strong><\/a> for your check.[\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Are you sure you know all the tricks to protect your WordPress website? 
Find all the tips in our article.<\/p>\n","protected":false},"author":1,"featured_media":94373,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[406],"tags":[244,307],"class_list":["post-94336","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-about-web","tag-strategy","tag-wordpress"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/happybrain.it\/en\/wp-json\/wp\/v2\/posts\/94336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/happybrain.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/happybrain.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/happybrain.it\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/happybrain.it\/en\/wp-json\/wp\/v2\/comments?post=94336"}],"version-history":[{"count":0,"href":"https:\/\/happybrain.it\/en\/wp-json\/wp\/v2\/posts\/94336\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/happybrain.it\/en\/wp-json\/wp\/v2\/media\/94373"}],"wp:attachment":[{"href":"https:\/\/happybrain.it\/en\/wp-json\/wp\/v2\/media?parent=94336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/happybrain.it\/en\/wp-json\/wp\/v2\/categories?post=94336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/happybrain.it\/en\/wp-json\/wp\/v2\/tags?post=94336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}