When you scout the internet to find ways to protect your WordPress website, you will come across tons of information. One of the most commonly shared suggestions is to install a popular WordPress security plugin. But did you know that 22% of all hacked websites were because of a security issue in a plugin? This is just one of the reasons why you shouldn’t blindly trust your website’s security to a plugin.
Another reason for avoiding plugins, in general, is to reduce the bloat that they cause on the site. A heavy plugin can easily slow down your website because of the number of files. While testing specific plugins, we’ve seen the site load time go up by almost a second. You may call that negligible, but in the internet world that’s the difference between a good site and a not so good one. If you want to tackle both these problems, then it is advised to minimize the use of plugins on your website.
But then what about security for your WordPress website? Fret not, because we’ve got you covered with five simple ways to secure your WordPress site without a plugin.
1) Update WordPress: Now and then WordPress releases updates to the WordPress core. Some releases add features while others patch the system against new vulnerabilities. Irrespective of what the release has in store, you must update your website to the latest version. Some hackers are always trying to penetrate the WordPress system in search of loopholes. If your site is not running the newest protection, then there is a high chance of your website getting hacked.
While WordPress can automatically update itself when the new version is live, some developers deactivate this feature. They do this because the new update might not be compatible with their code and could break the site. One way to avoid any issues is to test the update on a local server before applying it to the live website.
WordPress also gives access to thousands of themes and plugins which are developed by third-party developers. All of your installed themes and plugins also need to be updated even if they are not active. An old theme or plugin can be a back door to your entire website. We strongly recommend getting rid of any plugin or theme if they are not in use.
2) Change username and password: While installing WordPress, the default username is set to admin. Such an easy username makes your website an easy catch for any hacker. They can run scripts that can check for millions of passwords against your website in a matter of minutes. The majority of sites are breached because of this very mistake. We recommend that you set up a complex username so that you can add one more hurdle for the hacker. Similarly, passwords need to be strong for the same reason. It’s best to set your own password and be generous in using letters, numbers, special characters and mixed case.
3) Disable File Editing: WordPress has an inbuilt code editor that can be accessed by anyone that has admin access. If this falls into the wrong hands then you’re inviting disaster for your website. However, you can disable this feature by adding the following code in the wp-config.php file.
define( 'DISALLOW_FILE_EDIT', true );
4) Protect essential files using .htaccess: If you’ve ventured into WordPress security, then the term .htaccess is not an unfamiliar word. This one file can easily make or break the security of your entire website. We have a bunch of essential code snippets that could strengthen your website’s security.
Restrict Access to wp-login:
<Files wp-login.php>
order deny,allow
Deny from all
# allow access from my IP address
allow from 192.168.3.1
</Files>
Here you will need to replace the dummy IP address with your own so that only you can reach wp-login.php, and through it wp-admin.
Hide wp-config.php:
<files wp-config.php>
order allow,deny
deny from all
</files>
By adding this piece of code to the .htaccess, you will deny web requests for the wp-config.php file, which holds many personal and website details.
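A quick way to confirm that steps 3 and 4 actually took effect, as an added example that is not part of the original article: the script below inspects a WordPress directory for the DISALLOW_FILE_EDIT constant and for the two `<Files>` sections. The function names and the sample site are constructed for illustration. The .htaccess check also accepts Apache 2.4's `Require all denied` and `Require ip`, which replace the `order`/`deny`/`allow` directives on servers that do not load mod_access_compat.

```shell
#!/bin/sh
# Added example: checks a WordPress directory for steps 3 and 4 of this article.

# Pass if wp-config.php defines DISALLOW_FILE_EDIT as true using straight quotes.
# Curly quotes pasted from a web page do not match, and PHP does not treat them as quotes.
check_file_edit() {
    grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)[[:space:]]*;" \
        "$1/wp-config.php" 2>/dev/null
}

# Pass if .htaccess has a <Files NAME> section that restricts access, either with
# the article's "deny from all" or with Apache 2.4's "Require all denied" / "Require ip".
check_files_block() {  # $1 = WordPress directory, $2 = protected file name
    [ -f "$1/.htaccess" ] || return 1
    awk -v name="$2" '
        { line = tolower($0) }
        line ~ /^[ \t]*<files[ \t]/ { inblk = (index(line, tolower(name)) > 0); next }
        line ~ /^[ \t]*<\/files>/   { inblk = 0; next }
        inblk && line ~ /^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+(all[ \t]+denied|ip[ \t]))/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1/.htaccess"
}

# Prints PASS/FAIL per check; the return status is the number of failed checks.
audit_wp() {
    fails=0
    if check_file_edit "$1"; then echo "PASS file editor disabled"
    else echo "FAIL DISALLOW_FILE_EDIT not set to true"; fails=$((fails + 1)); fi
    for f in wp-login.php wp-config.php; do
        if check_files_block "$1" "$f"; then echo "PASS $f restricted in .htaccess"
        else echo "FAIL no deny rule for $f in .htaccess"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Constructed sample site: curly-quoted define (broken) and only wp-config.php protected.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' '<?php' 'define( ‘DISALLOW_FILE_EDIT’, true );' > "$1/wp-config.php"
    printf '%s\n' '<files wp-config.php>' 'order allow,deny' 'deny from all' '</files>' > "$1/.htaccess"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_wp "$sample" || echo "failed checks: $?"
rm -rf "$sample"
```

These checks only read the files; the decisive test is still to request wp-config.php and wp-login.php from an address that is not on the allow list and confirm the server answers 403.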
5) Hosting you can trust: No matter how many security tricks you have up your sleeve, if you don’t invest in secure web hosting, then you’re probably going to lose it all. People compromise profoundly on quality by signing up for free or incredibly cheap web hosting services that have little to no security at the server level. At Hostgator, we take security seriously and ensure that we secure our servers. You can add an additional layer of security on your WordPress website by signing up for SiteLock that will provide complete malware protection.
If you’re still pondering over what kind of hosting you should use for your WordPress website, we recommend that you check out our WordPress Hosting plans. They are powered by cloud infrastructure and have an intuitive dashboard, advanced caching system, instant scaling and automatic failover, giving your WordPress website an edge over the others.
We hope this article has helped you gain some useful information in order to secure your WordPress website, minus any plugins. If you have any recommendations, please feel free to share them in the comments section below.