Ultimate WordPress Security Tips In Hindi (25 Amazing Guide 2020)

If you want to keep your online business secure, WordPress security is very important.

A survey found that each week Google blacklists around 20,000 websites.

If you are serious about your website, you should focus on website security.

WordPress websites are attacked in many ways, and these are the top ones:

  • Cross Site Request Forgery (CSRF)
  • SQL Injection
  • Privilege Escalation
  • Vulnerabilities

This article gives you a complete guide to website security.

 

1. Rename Your Login URL

With the WPS Hide Login plugin you can change the link of the WordPress dashboard, which is seoandinfo.com/wp-admin.

You can create any link you like for login.

For example:

seoandinfo.com/nitin
seoandinfo.com/home
seoandinfo.com/tech

If an attacker can easily find your login page, brute forcing it becomes easier for them.

You can also change the login page with the iThemes Security plugin.

  • Change wp-login.php to something unique; e.g. my_new_login
  • Change /wp-admin/ to something unique; e.g. my_new_admin
  • Change /wp-login.php?action=register to something unique; e.g. my_new_registeration

 

Another Plugin,

By default, the login address of every WordPress site is “/wp-admin”. This means an attacker knows where to go to attack your WordPress site.


So you should change the location of the dashboard page. You can change the URL with the WPS Hide Login plugin.

 

2. Choose Best Passwords

Keep your WordPress password very complex so that nobody can guess it easily.

People commonly set passwords like these in WordPress:

  • 123456
  • Password
  • 12345678
  • 12345
  • 123456789
  • 123abc

 

Add lowercase letters, uppercase letters, numbers, symbols and special characters to the password.

Whenever you create a password in WordPress, keep all of these points in mind.

For example: bk@?85sa@)6H5*65%71!

  • Use Uppercase
  • Use Lowercase
  • Add Numbers in password
  • Add Special characters in password

 

Your password should always be hard and long.

Use a password of 15-16 characters and be sure to include capital letters, small letters and special characters.

 

3. Install Themes, Plugins From Official Source

Some people download and use cracked or pirated copies of premium WordPress themes and plugins.

What they do not realise is that the people who upload cracked themes and plugins add some code of their own to them.

As a result, that person gets control through the theme or plugin alongside you, and can upload malware to your website or extract your important passwords and other important information.

So you should never use pirated software.


You should download plugins and themes from the official website.

 

4. Secure Your wp-config.php File

In WordPress, wp-config.php is a very important file: it holds your “database name”, “user name” and “database password”.

So that nobody can access it easily, you should block web access to wp-config.php.

To block access to wp-config.php, paste this code into your .htaccess file.

# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead
<Files wp-config.php>
order allow,deny
deny from all
</Files>

5. Limit Login Attempts

By default, WordPress allows an unlimited number of attempts to enter an ID and password. Because of this, brute force attacks are a bigger problem in WordPress.

With unlimited ID and password attempts allowed, your website can be hit by a brute force attack.

What is brute force?

In a brute force attack, the attacker tries IDs and passwords over and over to get into your dashboard.

Brute force software tries more than 10 lakh (1 million) passwords against your site, and if any one of them matches, your site is hacked.

To protect against this, you should install the Login LockDown plugin in WordPress.

After activating it, go to this path:

WordPress Dashboard » Settings » Login LockDown 


Login LockDown is a WordPress tool: if someone tries to log in to your WordPress website, you will get a notification.

With it you can limit logins, for example so that if someone tries to log in with a wrong password more than 3 times, their IP address is locked out.

If someone tries to log in with an invalid username, they are locked out too.

To limit login attempts you can install the Login LockDown or WP Limit Login Attempts plugins.

 

6. Add Security Questions to WordPress Login Screen

You can make your site more secure by adding a security question feature to WordPress.


Whenever someone tries to enter your dashboard, they must give the right answer in 3 boxes; only then will it open.

You can use the security questions feature with the WP Security Questions plugin.

For WP Security, go to the Settings » Security Questions page and save the settings.

 

8. Jetpack WordPress Plugin

Jetpack is a good plugin for security purposes. It has many features.

Along with security, Jetpack also compresses your website's images and auto-posts your posts to social media.

These are the features of the Jetpack plugin:

  • Check your website's stats
  • Subscribe and share buttons
  • Auto publish
  • Mobile optimization
  • Image performance
  • Centralized management

 

9. Akismet WordPress Plugin

The Akismet plugin also provides security for your site. I highly recommend that every WordPress user use this plugin.


It is a totally free plugin that blocks the spam comments coming to your site.

Akismet blocks the kind of comments in which people add links in the comment box or use a fake username or email.

Commenting also has some rules, and following them gets you traffic as well as backlinks.

Akismet plugin features:

  • Delete all spam comments.
  • Approve or disapprove comments flagged as spam.
  • Automatically check all comments.

 

10. Wordfence Security

The Wordfence plugin ranks among the top 5 security plugins. It has many security options.

If an attacker tries to hack or log in to your site, or a plugin develops a problem, it sends a notification to your Gmail.

With the Wordfence plugin you can block someone's IP, or block all IPs from a country.

Wordfence blocks people who do illegal activity on your site.

With Wordfence you can also improve your website's speed.

Wordfence security plugin features:-

  • WordPress Firewall.
  • Login Security Feature.
  • Security scanning feature.
  • Blocking Feature.

 

11. Updraft Backup WP Plugin

Making a backup of your site is very important. You should make backups regularly.

This is because your site can be hacked at any time. In WordPress you can create regular backups of your site with the help of a plugin.

You can make a backup in 2 ways:

1. Manually

2. With the help of plugin

If you are new to WordPress, making backups with a plugin will be much easier for you.

The Updraft Backup WP Plugin is the best for creating backups in WordPress.


Backup WP plugin features:-

  • Simple to use, no setup required.
  • Uses zip and mysqldump for faster backups if they are available.
  • Works on Linux & Windows Server.
  • Translations in over 12 languages.
  • Support should you need help.

 

Important note: Before making a backup, first install and run the WP-Optimize plugin in your WordPress, and install this one after that.

It cleans up every table in your database, used or unused, which reduces the size of your database.

I install this plugin on my own WordPress website every month and clean the database.

 

12. Always Use Latest Version of WordPress

WordPress is open source software, so it is important to keep it regularly maintained and updated.

Along with this, you should always update WordPress itself.

This is because old versions of WordPress are more likely to have their security broken.

Attackers are always trying to find bugs in WordPress, and if one is found in your WordPress, your site can be hacked.


Whenever a new version of WordPress comes out, you will get a notification in the dashboard.

 

13. Regularly Update Themes and Plugins


Along with updating the WordPress software, you should also update your themes and plugins.

Whenever a new update is released for a theme or plugin, it will show up in your dashboard.

You should keep updating them regularly.

 

14. Google Authenticator (Two Factor Authentication)

With this plugin you can create a second security layer on your WordPress site.

To enter the dashboard you will have to enter a password 2 times.


Most WordPress hacks happen because of brute force attacks; this is the reason most WordPress sites get hacked.

With this plugin you can protect yourself from brute force attacks.

 

15. Disable file Editing in admin dashboard

By default, themes and plugins can be edited from the WordPress dashboard.


I highly recommend that you disable this.

If an attacker gets access to your dashboard, they will inject malicious code into your theme or plugin.

Your site will then be completely under their control. So you should disable this feature.

To disable the editor function in the dashboard, add this code to your wp-config.php file.


// Disable editing in the dashboard
define('DISALLOW_FILE_EDIT', true);

 

16. Delete Themes and Plugins that are not in use

If a theme or plugin is installed in your WordPress but is not being used, it is best to delete it.


Extra installed themes and plugins increase the amount of code on the site, which gives attackers more opportunities.

The fewer themes and plugins your site has, the fewer chances an attacker has to get access to it.

 

17. Make Sure Your USERNAME Is Not ADMIN

Never keep “admin” as your username in WordPress.


When you create a new website in WordPress you get this option at that time; choose a tough username that people cannot guess easily.

If you did not know about this and your username is currently admin, you can change it with the Admin Renamer Extended plugin.

 

18. Remove The WordPress Version Number

By default, the WordPress version can be checked: anyone can find out from the page code which version your WordPress website is running.


Attackers try to break security through this. So you need to hide the WordPress version.

To hide the version in WordPress, open the functions.php file and add this code to it.


// Return an empty string instead of the generator tag that carries the version
function wpversion_remove_version() {
    return '';
}
add_filter('the_generator', 'wpversion_remove_version');

 

You should also delete the readme.html file from the WordPress root; the website has no need for this file.

But this file gives an attacker a lot of help in hacking your site.
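
A quick way to confirm that the file-level steps from sections 4, 15 and 18 are actually in place on a server. This is an added example, not part of WordPress or any plugin; the function names and the sample directory are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# A define() that starts its own line, so a commented-out copy does not count.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*(\w+)\s*\)\s*;""",
    re.IGNORECASE | re.MULTILINE)
FILES_RE = re.compile(r'<Files\s+"?wp-config\.php"?\s*>(.*?)</Files>',
                      re.IGNORECASE | re.DOTALL)
# Apache 2.2 "deny from all" or Apache 2.4 "Require all denied".
DENY_RE = re.compile(r"deny\s+from\s+all|require\s+all\s+denied", re.IGNORECASE)


def _read(path):
    return path.read_text(encoding="utf-8", errors="replace") if path.is_file() else ""


def audit_wordpress(root):
    """List which of the article's file-level hardening steps are missing under root."""
    root = Path(root)
    findings = []
    m = DEFINE_RE.search(_read(root / "wp-config.php"))
    if not m or m.group(1).lower() != "true":
        findings.append("DISALLOW_FILE_EDIT is not set to true in wp-config.php")
    block = FILES_RE.search(_read(root / ".htaccess"))
    if not block or not DENY_RE.search(block.group(1)):
        findings.append("no .htaccess rule denies web access to wp-config.php")
    if (root / "readme.html").exists():
        findings.append("readme.html is still present in the WordPress root")
    return findings


def make_site(config_line, htaccess="", readme=True):
    """Build a constructed WordPress-like directory (sample data, not a real site)."""
    root = Path(tempfile.mkdtemp(prefix="wp-audit-"))
    (root / "wp-config.php").write_text("<?php\n" + config_line + "\n", encoding="utf-8")
    (root / ".htaccess").write_text(htaccess, encoding="utf-8")
    if readme:
        (root / "readme.html").write_text("<h1>WordPress</h1>", encoding="utf-8")
    return root


if __name__ == "__main__":
    # Curly quotes pasted from a web page do not define the constant, so this is flagged.
    pasted = make_site("define(‘DISALLOW_FILE_EDIT’,true);")
    for finding in audit_wordpress(pasted):
        print("MISSING:", finding)
```

Run `audit_wordpress()` against the real document root after editing; a snippet pasted with typographic quotes or left commented out is reported as missing.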

 

19. SSL Certificate

An SSL certificate is a website security protocol. It encrypts the data transferred between the user and the server.


With SSL you can keep your website secure. There are many services on the internet that provide SSL for free.

Cloudflare keeps your site secure from:

  • Brute force attacks
  • Spam visitors
  • Hacking attempts

It also keeps your site's cache clear.

You can also purchase its premium version, which gives you more benefits.

 

 

20. Prevent Hotlinking

If another blogger copies the link of an image from your post and adds it to their own blog, that is hotlinking.

In that case the image stays on your server, but because of the link it is also displayed on their site.

This puts a lot of load on your server. To stop it, simply follow the steps below.


# Apache (.htaccess, mod_rewrite): replace yourdomain.com with your own domain
RewriteEngine on
# Allow an empty Referer and requests coming from your own pages
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain\.com [NC]
# Redirect every other image request to a placeholder
RewriteRule \.(jpg|jpeg|png|gif)$ http://dropbox.com/hotlink-placeholder.jpg [NC,R,L]

 

To prevent hotlinking in NGINX simply add the following code to your config file.

location ~ \.(gif|png|jpe?g)$ {
    # Allowed: no Referer, a stripped Referer, the listed search engines and your own domain
    valid_referers none blocked ~.google. ~.bing. ~.yahoo yourdomain.com *.yourdomain.com;
    if ($invalid_referer) {
        return 403;
    }
}

 

Conclusion

Many WordPress users do not realise the importance of backups and website security until their website gets hacked.

This article has covered the best practices of WordPress security.

If you liked this article, be sure to share it on your social media and bookmark it as well.
