Secure WordPress In 3 Steps Without Plugins

Posted on October 25th, 2011

Security of your WordPress installation, specifically the admin panel, should be a top priority. Recent attacks on WordPress plugins have reinforced how critical it is to have solid security measures in place. Here are 3 easy plugin-free steps to help thwart any attacks:

1 – Start with a STRONG password

This should be obvious, but with all the recent security breaches in the news it is baffling how many people fail from the start. If you are using the same password everywhere, you are begging to be hacked. The same goes if you use a dictionary word at all. WordPress has a Password Strength Detector, so take advantage of it to make a strong, unique password. A good starting point is 10 characters made up of mixed case letters, numbers, and symbols. You can do a quick online search to find generators that will do the hard work for you. BONUS – change your password every 60-90 days.

2 – Remove WordPress version file

Stop broadcasting to the world the current version of your WordPress installation. This information can be used by nefarious individuals to determine quickly which known vulnerabilities will work against your site. In your FTP program, navigate to the root folder where WordPress is installed and delete the ‘readme.html’ file. This file WILL be reinstalled with each version upgrade, so make a mental note to repeat this step. Maybe a future version of WordPress will make this file optional. Until that time, just delete it.
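The "mental note" in step 2 can be replaced by a script run after each upgrade or from cron. This shell function is an added example, not part of the original post; it assumes shell access to the server and that readme.html shows its release as "Version X.Y.Z", and the name remove_wp_readme is hypothetical.

```shell
#!/bin/sh
# Added example: re-apply step 2 after each WordPress upgrade, since the
# upgrade puts readme.html back.
# Assumption: readme.html shows its release as "Version X.Y.Z".

# remove_wp_readme WP_ROOT
# Returns 0 if readme.html is absent or was deleted, 1 if WP_ROOT does not
# look like a WordPress root, 2 if the file is a symlink or cannot be deleted.
remove_wp_readme() {
    wp_root=$1
    readme="$wp_root/readme.html"

    # Only act inside a WordPress root, so a mistyped path in a cron job
    # cannot delete an unrelated readme.html.
    if [ ! -f "$wp_root/wp-includes/version.php" ]; then
        echo "error: $wp_root is not a WordPress root" >&2
        return 1
    fi

    # WordPress ships readme.html as a regular file; flag a symlink for
    # manual inspection instead of reading through it.
    if [ -L "$readme" ]; then
        echo "error: $readme is a symlink, inspect it by hand" >&2
        return 2
    fi

    if [ ! -e "$readme" ]; then
        echo "ok: readme.html already absent"
        return 0
    fi

    # Record what the file was disclosing before it is removed.
    disclosed=$(sed -n 's/.*\(Version [0-9][0-9.]*\).*/\1/p' "$readme" | head -n 1)
    rm -f -- "$readme" || return 2
    echo "removed: readme.html (was disclosing: ${disclosed:-no version string found})"
    return 0
}

# Run against a path given on the command line, e.g. from cron.
if [ "$#" -gt 0 ]; then
    remove_wp_readme "$1"
fi
```

A non-zero exit status lets a cron wrapper or monitoring check alert when the path is wrong or the file could not be removed.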

3 – Remove Error Message on Failed Login

No hints with a failed login


By default, if you enter a wrong password or an invalid username, the WP login page produces an error message. This means a hacker will know if he has guessed one of the login details right. If you insert one simple piece of code you can remove that error message altogether. In your Admin area, choose Editor under the Appearance heading; click on ‘Theme Functions’ (functions.php) in the right sidebar to bring up the page you need to edit. Add this code at the very top of the file, just below the opening tag:
<?php

// Remove the error message on the login page.
// A closure replaces create_function(), which was removed in PHP 8.0.
add_filter('login_errors', function ($error) { return null; });

Click ‘Update File’ and you are done.
