Security of your WordPress installation, specifically the admin panel, should be a top priority. Recent attacks on WordPress plugins have reinforced how critical it is to have solid security measures in place. Here are 3 easy plugin-free steps to help thwart any attacks:
1 – Start with a STRONG password
This should be obvious but with all the recent security breaches in the news it is baffling how many people fail from the start. If you are using the same password everywhere you are begging to be hacked. Same goes if you use a dictionary word at all. WordPress has a Password Strength Detector so take advantage of it to make a strong, unique password. A good starting point is 10 characters made up of mixed case letters, numbers, and symbols. You can do a quick online search to find generators that will do the hard work for you. BONUS – change your password every 60-90 days.
2 – Remove WordPress version file
Stop broadcasting to the world the current version your WordPress installation. This information can be used by nefarious individuals to determine quickly which known vulnerabilities will work against your site. In your FTP program navigate to the root folder where WordPress is installed and delete ‘readme.html’ file. This file WILL be reinstalled with each new version upgraded, so make a mental note to repeat this step. Maybe on a future version of WordPress they will allow this file to be optional. Until that time, just delete it..
3 – Remove Error Message on Failed Login
<?php
//Remove Error Message on Login page
add_filter(‘login_errors’,create_function(‘$a’, “return null;”));
Click ‘Update File’ and you are done.
