The first ‘gateway’ that your new customers come across is your site. If your site runs a WordPress CMS, not thinking about the security of WordPress is the same as not thinking about the security of your business, income, and presence in the online world.
WordPress security is a wide-ranging topic, and only one compromised WordPress site can infect many areas through cross-site scripting. However, as with any CMS, as the popularity of your website grows, there is more possibility to come across different kinds of issues maintaining it.
WordPress is an exception because issues within WP code are rare appearances. The biggest problem is in plugins and themes. The WordPress team is mainly focused on resolving any security vulnerabilities that occur in their code. At the same time, we cannot say the same for authors of themes and plugins.
Ten WordPress security tips:
- Do not use generic accounts, always know who is accessing your site.
- Secure the folders – disable PHP execution.
- Make a backup – you never know what might go wrong.
- Make a secure connection to your server.
- Check the security of the hosting provider.
- Disable unnecessary logins to wp-admin, FTP.
- You do not have to write articles as an admin. Not everyone has to be an admin.
- IP filtering + Two-tier authentication + Strong password = Secure access.
- If you are unsure, choose a hosting provider to help you with WordPress.
But even when you pay enough attention to the security of your website, there are always situations where problems can occur that we can not predict. Especially when it comes to accessing the site. To be even more sure, and to increase the security of your site, and primarily to solve login problems, we recommend the following plugins:
1. Install WP Reset – Emergency Recovery Script
The essential thing is to think ahead and prevent any problems that may arise on your website. For example, forgetting your login password is not a strange thing to happen. Especially since we live in a world where we have multiple passwords to remember, it gets easy to mix them up. You can even sometimes run into some problems while trying to access a website.
Sometimes it is too late to look for appropriate plugins that can help you. That is why you have to think ahead, because, you know what they say, better safe than sorry.
Therefore, the first plugin you need to install is the WP Reset plugin which has Emergency Recovery Script among its features. The ERS is a feature that solves problems with forgotten passwords, plugin issues, and corrupted login file issues.
This script does not require any WordPress files or functions to work. So if you do not know why you cannot log in or if a white screen of death appears on your website, Emergency Recovery Script is ideal to have down in your sleeve for overcoming these problems. It will always be there and ready to save you from trouble.
2. Recover a lost or forgotten password
The username (or e-mail address) and password are mandatory data, without which it is impossible to access the WordPress system’s administration. Therefore, if you have lost either of these two data, you will not have access to the administration of your website.
After you see that the system denies you access, do not continue to enter this user data. The IP address blocking could compound this problem by the server (5 failed logins within one hour the server interprets as a brute force attack and blocks the IP address).
If you find yourself in this situation, click the Lost your password link. The WordPress system will take you to a password reset page where you will have to type in a username or e-mail address. Soon, customer support will send you new user data. Click Reset password, check your mailbox, and follow the instructions in the e-mail.
3. You forgot the password, but you have access to cPanel/the database? – make an update
To know the name of the database, you need to log in to the ControlPanel and select “File Manager.” Once you have opened the File Manager, go to the directory (file), right-click on the wp-config.php file, and select the view option. There you should see the defined variable DB_NAME example: define (‘DB_NAME,’ ‘username_blog’);
In the example above, the database name is username_blog. We suggest, if you can’t remember the database name to write it down, you will need it later on.
WordPress uses a whirlpool hash for protection in case of access to the database. You cannot see the actual password, but it is shown in another format that you cannot decode.
It would be best to set up the desired password at this link, enter the new identification code in the blank field and click on “Hash this phrase.” After that, you should get the password. Copy the identification code and save it.
Log in to CPanel or return to the home page in it and select the “phpMyAdmin” option; afterward, all the databases in the list on the left should open. First, you choose your database username_blog. Select the table perfix_users. It will open all the users you find. Find the one you want to change the password, press “Edit” user_pass, paste the password you generated in the step above, press Go, and boom, you are all set.
4. Clear the WP cache memory
When we visit a site, web browsers (Chrome, Firefox, Safari) create simple text documents that we all know as “cookies.” Your device stores these text documents and allows the browser to access the cookie and forward the data to the site you have visited. So, cookies collect information (such as login information or pages we saw earlier) to make our online experience as good as possible and the internet as fast as it can get.
A cache is a small-capacity memory that stores data that we use frequently. For example, once you visit a website, the cache will remember specific data. Every time you access a certain site, the web browser will pull that data out of memory, not reload. Therefore, loading the site is much faster. However, when the cache is complete, it slows down your web browser. So, it would be best if you cleaned it from time to time to speed up your computer, tablet, or mobile phone.
Good practice in managing WordPress sites is the installation of so-called caching plugins. This plugin will speed up the page and improve the user experience. Also, it will reduce the number of resources the website spends. However, due to the way caching plugins work, some changes on the website in certain situations will not be visible right away, and it will take some time.
You should use this plugin for cleaning periodic memory. In such cases (if you want the changes on the website to be visible immediately), it is necessary to clear the cache memory.
5. Plugin issues and the “White Screen of Death”
Often, the simplest solution is the best. It would be best if you could locate which plugin is causing the trouble and deactivate it. Namely, the error code often consists of a path to the plugin that causes problems.
Open the dashboard, click the Plugins tab, find the plugin in question, and deactivate it. Next, it is recommended to contact the plugin author and write a description of your problem as detailed as possible (version of the plugin and WordPress, the theme used, etc.) and ask for help with your issue.
If it is not clear from the error message which plugin is causing the problem, you will have to deactivate all plugins and find the “culprit” by the elimination procedure. If you see the “White Screen of Death” instead of the wp-admin page, it is evident that you will not be able to deactivate the plugins as in the procedure described above.
However, there is a solution for that as well. All you have to do is have the WP Reset plugin among your plugins and solve the “White Screen of Death” problem via its Emergency Recovery Script.
6. WordPress theme issues
Problems with WordPress themes are not so common, but it is always good to be prepared and to know how to solve them if or when they appear. WordPress themes are a great way to shorten the process of creating a fully functional and beautiful website. However, sometimes they can be a source of potential problems, especially for less experienced users and those who are just beginning to get acquainted with WordPress.
Each theme comes with a stylesheet.css file that takes care of the beautiful look of your theme. Like any other file within WordPress, you can modify this one as well. It is usually the case when you want to change a style or position of an element on the page. Then you change the stylesheet.css file.
Unfortunately, if you do this directly in the theme, you will override your changes each time you update the piece, and it will reset your stylesheet.css file settings to default. The best way to avoid this is to use some custom CSS plugins for minor changes to the CSS code. Another way is to make all the changes in the child theme. It will avoid the problem described.
Also, check for conflict in the theme that WordPress uses. For this, you need to include a default WordPress theme. Since the site does not work, you cannot do this from the control panel, but you can from cPanel via the phpMyAdmin application. Log in to cPanel. Open the PHPMyAdmin application, click on the name of the database your site uses, find the wp_options table, and then rows template and stylesheet.
Further, you will see that it says the name of the existing topic that the site operates. Change that name to the default theme name. You can change the term by clicking on the Edit option or double-clicking the topic name to open the entry or revision field.
7. Check the .htaccess file
There is a file called .htaccess at the root of your site. If you have access to this file and are familiar with its content, open it and see if everything is OK. If you, for some reason, don’t see the file, you have to enable the option to show hidden files. Do this in the File Manager application, click Settings in the upper right corner, and then check Show Hidden Files (dotfiles).
If you do not know or are not sure if this file is correct, first rename it (change its name), and it will turn it off. For example, rename it to .htaccessBACKUP. Then create a new .htaccess file and place the default WordPress content in that file.
Login problems on your WordPress page are not a common occurrence, but you can have an almost hopeless situation when it does. That is why it is crucial to take preventive action.
The WP Reset plugin offers the ability to make snapshots before any significant changes to the website that may cause problems with later login.
If you have gone through these procedures that we mention above carefully, you have probably already discovered the source of the problem, and that will help you solve it. If you do not have a developer to solve this for you, you can search Google to see if anyone has had a similar problem. Millions of people worldwide use WordPress, so, likely, someone has already had the same or similar situation and published the solution on the Internet.