For one merchant site, there were approximately 500 login attempts via the wordpress login page and xmlrpc. They contacted us in order to protect the site from these attacks. We recommended installing the Hide My WP plugin to redirect the login page to a new url and disable xmlrpc from remote access. There was no single login attempt the day after installation and configuration. We can protect ourselves from bots if we can hide the login page and disable the xmlrpc.
Updating the plugin and themes
WordPress is a good platform for implementing any functionality as a plug and play, but security is the primary concern when installing plugins. If the plugin’s author has not updated their plugin in several months, please check to see if he is still active enough to answer questions in the forum. If questions are not answered and the plugin has not been updated in several months, it is safe to deactivate the plugin and find another plugin to achieve the functionality.
It applies not only to plugins but also to themes. The WordPress team will continue to update security patches and core modules on a regular basis, so plugins and themes must be compatible with updated wordpress versions; otherwise, we must inquire with the author about when an update for plugin and theme will be released.
Supporting developers by renewing the yearly licenses
This time, I’d like to highlight that customers who purchase a theme or plugin from the developer should show their appreciation by renewing their yearly support licence. It will help developers to keep updating the plugin and theme based on core WordPress updates. Developers will also try to add new functionalities if all customers update their licences. Customers must therefore support the developers who keep your site secure.
It is always a good practice to download backups of DB files on a regular basis for safety reasons. If the site is hacked, customers must be ready to deal with any issues, so it is best to back up the databases frequently and save them safely. You can backup and store files on your desktop using the updraftplus plugin.
Follow the industry standard practice
WordPress is an excellent platform for developing multi-purpose websites for any industry. It began as a blogging platform, but when they added the option to create custom post types, it became popular among developers for achieving any kind of functionality. WordPress is constantly being developed in order to keep the platform up to date, which is beneficial to both developers and customers. Our responsibility is to follow best practices for website security.
If you have any questions about WordPress security, please contact us at [email protected]