Hello, I want to know how we can increase the security of our WordPress website. Not by plugins, as they can be vulnerable at times. How can we hard code something into our website that would make it hack proof? TIA
Welcome to the Forums ankit 13. WordPress offers good advice and information on things you can do to help keep your WordPress site secure. Their own support site is probably a good place to start: [codex.wordpress.org...]
You can simply password protect your wp admin page from your cPanel account. Use a strong password combining capital, small and special characters. I also suggest you use the Wordfence security plugin, because I have used it since starting my blog and it is very reliable and one of the best security plugins.
I lock down access to my login page and to the /wp-admin/ directory by IP address. Be sure to read that doc at WordPress. not2easy is absolutely right, it's THE place to start.
And just to be clear, there's no such thing as hack proof (true for any CMS) - not unless you're a top notch cyber-security expert or can afford one. We as WordPress website owners can stop common hackers that use exploits and brute force attacks but unless we own the server, have the skills & knowledge, and control at least the first level of equipment that connects to it, we are vulnerable.
I lock down access to my login page and to the /wp-admin/ directory by IP address
Which means that you need a static IP at home/work and can't, for example, blog from a cafe, right? For me, my IP is going to change every time I reboot my modem, AKA every time the power goes out, which is about 1x per month. I suppose a VPN would solve that.
For me, my IP is going to change every time I reboot my modem
Maybe it's time to get a fixed IP number from your provider. Or change providers. Some charge a small additional fee per month while others include it for free if you ask nicely.
Locking admin logins down to an IP address overcomes all exploits including when someone has guessed the admin username and then only needs to packet sniff a password request/reset email to get your password.
No need to change "Firefox/*" as this may affect CSS but you can add an extra word like "MyAdminBrowser" and then your login page can check for the presence of "MyAdminBrowser" in the user-agent.
I recommend resetting the add-on when not using it because it will be recorded when visiting other websites.
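The IP lock-down and the extra user-agent token discussed in this thread can be expressed as server configuration. This is an added example, not part of any post above. It assumes Apache 2.4 with .htaccess overrides enabled (AuthConfig and FileInfo); 203.0.113.10 is a placeholder address and admin_ua is an illustrative variable name.

```apache
# ---- File 1: .htaccess in the WordPress root ----
# Set a flag when the request's User-Agent contains the extra word.
# The User-Agent is sent to every site visited and is easy to copy,
# so treat it as a noise filter on top of the IP rule, not a secret.
SetEnvIfNoCase User-Agent "MyAdminBrowser" admin_ua

# The login page is served only when BOTH conditions hold.
<Files "wp-login.php">
    <RequireAll>
        Require ip 203.0.113.10
        Require env admin_ua
    </RequireAll>
</Files>

# ---- File 2: wp-admin/.htaccess ----
SetEnvIfNoCase User-Agent "MyAdminBrowser" admin_ua

# Everything under /wp-admin/ gets the same two conditions.
<RequireAll>
    Require ip 203.0.113.10
    Require env admin_ua
</RequireAll>

# Some themes and plugins call admin-ajax.php from public pages,
# so it stays reachable for ordinary visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Requests that fail either condition receive a 403 from the web server before WordPress runs. To allow more than one fixed address, list them on the same `Require ip` line separated by spaces.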