According to Forbes Magazine 33,000 websites are hacked every 24 hours
Hackers are on the rise as hacking tools become more readily available, and the best way to protect yourself is finding a professional that focuses on security.
We have created a strong password generator that you should checkout that explains what a strong password is.
We include these best practices.
1. Hide your admin/login page
Hiding your admin page keeps hackers from attempting to login to your website via the admin dashboard. We also disable XML-RPC which allows hackers to attempt to login remotely. As a backup we also include a limit login attempt, but after hiding and disabling XML-RPC you will stop 99% of people trying to hack your site via the login page.
2. Rename your WordPress folder structure
We rename your core folder structure. This serves two purposes, keeps your site from simple Google searches for known vulnerable plugins as well as breaks the most popular WordPress hacking tool on the market called WPScan.
3. Restricting Access to sensitive files
We will make sure that no one can access sensitive files, like your wp-config which stores database login credentials, wp-includes and wp-admin, which are your core files that no one should have access to on the “front end” of your website. We also use custom code to stop user enumeration. (a simple way built into WordPress for someone to find an admin username)
4. Remove all html comments and generator tags
It’s very bad practice, but most plugins will list their version number in html comments giving notice that you have a vulnerable version of a plugin. WordPress even does it on the end of css and js files. We strip out all these things making it harder for anyone to detect what version number you are using for both WordPress and plugins.
5. Vulnerable Plugin Detection
Having a system that sends an email when you have a known vulnerable plugin installed on your website is a must have. This helps mitigate most risks of using more than a handful of plugins.