
One of the most important things you can do when building a WordPress site is to make sure it is secure. While you can never make a site 100% secure, you can certainly aim for 99%, and you can get there by enacting measures, both large and small, that take into account all of your site's access points and vulnerabilities.

Some of you might already think that your site is quite secure. And that's great, but why not take a couple of minutes and go through this list I've put together of things to look for when it comes to WordPress site security? You will walk away with a plan of action or feel more confident in your existing measures, and both are good.

Here are 10 things to look for or keep in mind to make sure your site is as secure as possible.

1. Limit dashboard access

When someone has access to your WordPress dashboard, they can add new posts and pages, upload files, and change your settings. An inexperienced person could make a mistake without realizing it. Or, the intention could be more malicious. Regardless, you should only give access to your dashboard to those you trust.

You can whitelist your IP address to restrict anyone who is not on your IP from accessing your dashboard, which can greatly reduce hacking attempts. Of course, you would always need to access your site's admin from the same IP.

To do this, add a new .htaccess file to your wp-admin folder, then add this code:

order deny,allow
allow from YOUR IP ADDRESS
deny from all

And if you want to protect your theme and plugins from editing by unauthorized users, you can add this code to your wp-config.php file:

define ('DISALLOW_FILE_EDIT', true);

2. Block directory browsing

You probably already know that websites are set up so that files are contained in folders on a server. Typically, anyone can browse the contents of each folder or directory, which could leave you exposed to malicious hacking attempts. However, you can make the contents of certain folders invisible to the general public. This is an obscurity tactic and, although it won't make your site 100% secure, it gives hackers less information to work with, and less information is what you want.

To block directory browsing, open your .htaccess file again and insert the following code at the bottom:

Options -Indexes

That's all there is to it!

3. Remove WordPress version information

WordPress themes used to automatically output the version number of WordPress you are using in the <head> tag of your site. However, WordPress itself now inserts this information, and while it is helpful for WordPress to know when analyzing who is using what, leaving this information available to anyone taking a look at your code is a security hazard.

Why? Because handing a hacker the version number outright makes their job easier. And you don't want to make a hacker's job easier! Instead, simply insert this code into your theme's functions.php file:

// Return an empty string so no generator tag with the version is output.
function remove_wp_version() {
    return '';
}
add_filter( 'the_generator', 'remove_wp_version' );

This will remove the version number and add another layer of security to your site.

4. Evaluate your username and password

You've heard this advice over and over again, but you really need to hear it. Choosing a difficult username and password is important to the overall security of your site. First of all, never use "admin" as your username. Since it is the most popular username for WordPress, leaving it the same is like giving hackers half of your data.

Second, use a series of numbers, letters, and symbols for your password. Basically, make it impossible for a human to guess and extremely difficult for a machine to figure out.

5. Take regular backups of the site

Many people roll their eyes when they hear that they need to back up their sites frequently. Not because they don't understand that it's important; rather, because the idea of backing up an entire site is exhausting. Many people simply don't want to devote the time and effort to the project.

Luckily, backups can be fully automated these days and are actually a smart solution because they can be scheduled in advance. That way, you will never forget to back up your site again. The WordPress Codex has detailed instructions, or you can use our guide on how to back up your WordPress site. Or you can opt for a plugin-based solution (Backup Buddy and VaultPress are two options we have used before here at R Digital marketing).

6. Keep your site up to date

Hackers come up with new strategies to destroy websites on a daily basis. So running an outdated version of WordPress is just looking for trouble, especially since WordPress publishes the flaws and security holes in older versions as soon as a new version is released, as seen in the photo above. Always make sure your site is running the latest version for optimal security.

7. Choose safe themes

It is also important to select themes that have a good reputation. Those made by less reputable developers or those who don't have the cleanest code could open your site to security vulnerabilities once installed. Read reviews of themes before installing them, and if you are buying a premium theme, always buy one from a well-known site.

In the same way, always install theme updates when available. What was previously said about keeping WordPress core files up to date also applies here.

8. Choose safe plugins

What I said previously about themes also applies to plugins. The advice is probably doubly true for plugins, though, since they can sometimes contain malware or malicious code. Don't download a plugin from a developer you don't recognize, and always install updates when they are available to keep your site secure.

9. Protect your files

One of the most important files on your entire WordPress site is the wp-config.php file. It stores a ton of data about your site, including details about your database and the configuration of the site as a whole. A hacker with the proper knowledge base could change everything linked to your site with just the information in this file. So, as you can imagine, it is important to protect it.

Luckily, you can do it with a relatively simple solution. All you need to do is add the following code snippet to your .htaccess file just below where it says # END WordPress:


<Files wp-config.php>
order allow,deny
deny from all
</Files>
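
To confirm that the file-based measures from items 1, 2 and 9 are actually in place, the following check can be run against a site directory. It is an added example, not part of the original article: the `audit` and `build_sample` names and the sample tree are hypothetical, and it only recognises the `order`/`allow`/`deny` directives shown on this page.

```python
import re
import tempfile
from pathlib import Path

def _active(path, markers=("#",)):
    """Return a file's text minus comment lines; '' when the file is missing."""
    text = path.read_text(errors="replace") if path.is_file() else ""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith(markers))

def audit(root):
    """Report which of the file-based measures (items 1, 2, 9) are in place."""
    root = Path(root)
    root_ht = _active(root / ".htaccess")
    admin_ht = _active(root / "wp-admin" / ".htaccess")
    config = _active(root / "wp-config.php", ("//", "#", "*", "/*"))
    deny_all = r"^\s*deny\s+from\s+all\s*$"
    block = re.search(r"<files\s+\"?wp-config\.php\"?\s*>(.*?)</files>",
                      root_ht, re.I | re.S)
    return {
        # An unedited "YOUR IP ADDRESS" placeholder does not count as an address.
        "admin_ip_allowlist": bool(
            re.search(deny_all, admin_ht, re.I | re.M)
            and re.search(r"^\s*allow\s+from\s+[0-9a-f:.]+(/\d+)?\s*$",
                          admin_ht, re.I | re.M)),
        "file_edit_disabled": bool(re.search(
            r"define\s*\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)",
            config, re.I)),
        "indexes_off": bool(re.search(r"^\s*Options\b.*-Indexes\b", root_ht, re.I | re.M)),
        # "deny from all" must sit inside the <Files wp-config.php> block.
        "wp_config_denied": bool(
            block and re.search(deny_all, block.group(1), re.I | re.M)),
    }

def build_sample(root):
    """Write a constructed, partly hardened WordPress tree for the demo."""
    root = Path(root)
    (root / "wp-admin").mkdir(parents=True, exist_ok=True)
    (root / "wp-admin" / ".htaccess").write_text(
        "order deny,allow\nallow from YOUR IP ADDRESS\ndeny from all\n")
    (root / ".htaccess").write_text(
        "# END WordPress\n<Files wp-config.php>\norder allow,deny\n"
        "deny from all\n</Files>\n#Options -Indexes\n")
    (root / "wp-config.php").write_text("<?php\ndefine ('DISALLOW_FILE_EDIT', true);\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, ok in audit(build_sample(tmp)).items():
            print(f"{'OK' if ok else 'MISSING':8}{name}")
```

On the constructed sample, the placeholder IP line and the commented-out `Options -Indexes` are both reported as missing, which are the two most common ways these snippets end up pasted in but inactive.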

10. Choose the right hosting provider

Much of your site security comes down to which WordPress hosting provider you choose. Although I can't tell you which host is better (there are too many variables to consider to discuss in this article), I can tell you that reading reviews is imperative to making a smart decision. Be sure to evaluate host security, backup solutions, and server type before making a final decision.

Remember: The host you select will play a direct role in how fast your site loads, your uptime, and the security of your public and private data. It is not a decision to be made lightly.

Conclusion

This list is by no means complete, but it should definitely give you a comprehensive place to start in terms of identifying potential security holes and enacting solutions to protect your site from hackers. You can also check out and follow this WordPress Security Guide for simpler tips to protect your WordPress site. It should also have the benefit of giving you a little more peace of mind. After all, it is typical to spend hundreds of hours developing and implementing a website. Protecting it is imperative.

What steps do you take to protect your site? Would you rather take a manual approach or use plugin-based solutions? Let us know in the comments!