prevent unauthorised users to gain access
-
Someone recently gained access to my site without my authorisation. Please let me know how to prevent this in the future.
The blog I need help with is: (visible only to logged in users)
-
To secure your site after an unauthorized access event, you should immediately address the primary “entry points” hackers use: weak credentials and outdated software. First, you must change your administrative password and enable Two-Step Authentication (2FA) via the Security tab in your WordPress.com account profile; this ensures that even if someone steals your password, they cannot enter without a unique code from your phone. Next, audit your site’s users by going to Users > All Users to delete any accounts you don’t recognize, and check Settings > General to ensure the “Membership” box for “Anyone can register” is unchecked unless absolutely necessary. Since 96% of WordPress hacks occur through vulnerabilities in old plugins or themes, you should also navigate to Dashboard > Updates to ensure every component of your site is running its latest version, which includes the newest security patches. Finally, if your plan allows it, install a security plugin like Wordfence or Solid Security to perform a deep malware scan and set up a Web Application Firewall (WAF) to block suspicious traffic before it even reaches your login screen.
WordPress.com Forums 