

How to protect your WordPress website CMS

Posted on in WordPress  by Molaga


 

WordPress, the most common CMS (content management system), is used by almost everyone, which makes the platform a magnet for potential attackers. Here are some steps that will help you strengthen the protection of your assets.

 

Backup WordPress website

First things first. Whether you picked a hosting company that handles your WordPress from A to Z, or you host and maintain your own WordPress application, it's always important to take periodic backups of your data.

The methods to accomplish this goal are simple:

 

Backup managed WordPress website

Most hosting providers offer fully automated backups through the dashboard: just pick a schedule and they commit to running it.

Another option is to manually download a backup if you're concerned about losing your data.

 

Backup self-hosted WordPress website

If you're a server-side ninja, you can create a script that backs up your files (or keep them under version control) and, most importantly, the MySQL database. Run it with a cron job or any other periodic script runner, and customize it for your needs.
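The script-plus-cron approach described above, written out as a POSIX shell script. This is an added example, not code from the original post; the paths, database name, retention count and the use of ~/.my.cnf for MySQL credentials are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Paths, names, counts are assumptions.
set -eu

WP_DIR="${WP_DIR:-/var/www/html}"                  # assumed WordPress root
BACKUP_DIR="${BACKUP_DIR:-/var/backups/wordpress}" # must be outside the web root
DB_NAME="${DB_NAME:-wordpress}"                    # assumed database name
KEEP="${KEEP:-7}"                                  # backup sets to retain

# Archive the site files: core, themes, plugins, uploads and wp-config.php.
backup_files() {
    out="$BACKUP_DIR/files-$1.tar.gz"
    tar -czf "$out" -C "$WP_DIR" .
    chmod 600 "$out"   # the archive holds wp-config.php (database password)
    printf '%s\n' "$out"
}

# Dump the database. mysqldump reads credentials from ~/.my.cnf (mode 600),
# so the password never appears on the command line or in the crontab.
# A failed dump stops the run (set -e) instead of leaving an empty .gz behind.
backup_db() {
    tmp="$BACKUP_DIR/.db-$1.partial"
    mysqldump --single-transaction "$DB_NAME" > "$tmp"
    gzip -c "$tmp" > "$BACKUP_DIR/db-$1.sql.gz"
    rm -f "$tmp"
    chmod 600 "$BACKUP_DIR/db-$1.sql.gz"
    printf '%s\n' "$BACKUP_DIR/db-$1.sql.gz"
}

# Keep only the newest $KEEP archives for a prefix ("files" or "db").
# Names embed a sortable timestamp, so the glob expands oldest first.
prune_old() {
    set -- "$BACKUP_DIR/$1"-*
    while [ "$#" -gt "$KEEP" ]; do rm -f -- "$1"; shift; done
}

run_backup() {
    stamp="$(date +%Y%m%d-%H%M%S)"
    umask 077
    mkdir -p "$BACKUP_DIR"
    backup_files "$stamp"
    backup_db "$stamp"
    prune_old files
    prune_old db
}

# Does nothing unless asked, e.g. from cron (script path is an assumption):
#   30 2 * * * /usr/local/bin/wp-backup.sh --run
if [ "${1:-}" = "--run" ]; then run_backup; fi
```

Copy the archives off the server as well, since a backup stored only on the compromised or failed machine is lost with it.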

 

Backup WordPress site with a plugin

This option is more generic than the ones above. A backup plugin works on both managed and self-hosted websites: install it through the wp-admin dashboard and configure it exactly for your needs.

I'm not gonna recommend any of the plugins in the market, but there are plenty of them.

 

WordPress backup plugins

Be aware of your plugins

Plugins are awesome and really make our lives better and easier, but with convenience comes danger.

There are a lot of malicious plugins. Please install as few as possible, and try to avoid installing plugins just because they look cool, or plugins that do something simple you could do yourself.

Why?

 

Vulnerable WordPress plugins

Most plugins do make our lives easier. But even extremely common ones may contain vulnerabilities, which attackers of course find, and those vulnerable plugins sometimes allow attackers to sabotage your website or even steal information from it.

 

Protect your /wp-admin URL

It is essential to reduce the attack surface exposed to attackers. In other words, letting any anonymous user access the /wp-admin URL is a very bad practice, because they can just keep trying credentials until they find a match and access your backend application.

One way to accomplish that is to change the route to something else, such as /back-office, or something less predictable than an admin panel path.

The other way is to protect this URL with Basic Authentication, which adds an additional layer of security to the management panel.