Modify login errors

When you type wrong username or password, it will give very detailed error message telling you exactly whether your username is wrong or password. This is a great hint for hackers but fortunately we can disable the login errors by following code:

function your custom error(){

return 'Anything you will write here will become new error messages';

}

add_filter( 'login_errors', 'your custom error' )

Never use admin as an username

First don’t use admin as an username, if you have then make it as subscriber. Subscriber has less privileges i.e can’t delete or add post and pages.

Enable 2-factor authentication

This is highly recommended. If someone gets hold of your WordPress login details, they will still need your mobile phone to get into your WordPress dashboard.

Unlike Dropbox or Google, 2-step authentication isn’t part of WordPress but you can always use the Authy plugin to enable 2-factor authentication.

Stop WordPress from guessing URLs

WordPress has habit of guessing URLs. If an user request macwill.in/con URL but if that page doesn’t exist, WordPress may redirect that user to macwill.in/contact because the URLs have some common words.

By following code you can stop wordpress to stop guessing URLs.

add_filter('redirect_canonical', 'stop_wordpress_guess_url');

function stop_wordpress_guess_url($url) {

if (is_404()) {

return false;

} return $url;



}

Disable file editing when you logged in

WordPress has the strange functionality, that user who logged in can edit files. This becomes easy for hacker that, he can write malicious code in it and destroy your whole website. By following code you can stop editor from back end.

define('DISALLOW_FILE_MODS',true);

Not allow users to install plugins, themes or doing updates

Not allow a user to edit plugin/theme files will only provide one level of security. However, this does not prevent the hacker from adding a new plugin or theme. Once the Admin Panel is compromised, the hacker can also install a rogue theme or a rogue plugin. If you do not install plugins on a regular basis, we suggest, that you disable this option altogether. This can be done by using the option:

define('AUTOMATIC_UPDATER_DISABLED', true);

Limit the login attempts

Sometimes user tries to login in your account by commonly username and password, or uses script to break your password. Then you must limit your login attempts. Limit login attempts is a plugin in that if user tries wrong login details for more than specific time, then login process must be locked out for specific time and you will get email with client IP, then you can BAN that IP address.

Disallow wp-config file

In WordPress wp-config is sensitive file. It is a best practice that disallow wp-config from back end.

 <files wp-config.php>

   order allow,deny

   deny from all

    </files>

Securing with htaccess file

Apache uses ht access to prevent unauthorized access to certain parts of the site. Since wp-config.php should never be accessed directly by anybody, and since it contains the critical database details, we should block it from ht access file too. This can be done by adding the following lines to your htaccess file:

order allow,deny

Deny from 192.168.1.1(you can use multiple IP) or

deny from all (Block all IP)

Change database prefix ($table_prefix)

The WordPress database consists of many tables to store posts, links, comments, users etc. Now these tables by default have standard names like wp_users, wp_options, wp_posts etc. Now a hacker knows that your user details are stored in the table wp_users, and will try and exploit this. We can however prevent the hacker from guessing the name of the table. To do this, while installing WordPress, we need to change the setting for $table_prefix. In your wp-config file there will be a line:
$table_prefix  = ‘wp_’;
You need to change it to something random like
$table_prefix  = ‘macwill_’;
This will cause the tables in the database to become macwill_users, macwill_posts etc, in turn making it harder for the hacker to guess.

Responsive Web design has become one of the hottest trends in 2013.  This is due in part to the  growth of smartphones and other mobile devices. More people are using smaller-screen devices to view Web pages.

1.  Increasing your reach to tablet and mobile audiences:- Increasing use of the internet and proliferation of web applications on tablet and mobile devices has been the driving force behind this development.  Traditionally users would be re-directed to a device specific site (e.g. mobile), but responsive design means one site can be implemented across devices.Tablet sales are expected to exceed 100 million this year, meaning that responsive design has never been so important for those looking to optimise their online content. Indeed, some Byte9 sites are already experiencing up to 40% traffic from tablet and mobile devices, a strong commercial imperative to accommodate the smaller screen size in a unified design.
2. One web-site and one set of code for every device:-  The beauty of having a responsive website versus a mobile friendly version is that you only need to maintain one set of code, one set of pages for your website so any changes or new functionality you offer to the desktop version are automatically available on mobile as well.
3. Save time and cost on site management:-Clients will also find it much easier and less time consuming to manage and maintain a single site,  with much less content to manage. Additionally a single administrative interface can easily be optimized, using layout and workflow tools to manage the correct content, or site templates that are being used for different devices. Business logic can be applied such that the overall mulch-device experience can be significantly enhanced within a single administration.
4. Stay in front of the competition:-Most probably if you check your analytic, you will find out that already 10% – 30% of your visitors are coming from mobile/tablets and if you are not offering them a user friendly version you are losing customers.
   So, the added advantage of going responsive is that it will enable you to keep in touch with your customers and engage with them on every possible occasion.
5. You are preparing now for the future:-The future of the web is mobile and it is estimated that by 2017 more than 5 billion people will use mobile phones. These are numbers and figures you cannot ignore and if you are not convinced that a responsive website can help your business now, it will certainly do in the next few years.

Open  Business For 24 Hours a Day
Your business is open to the world 24 hours a day, 7days a week with no labor costs to watch it.  An online store never closes. And a website faces no time zone barriers.

Improved Customer Service
You can provide 24 hours customer services without hiring any additional employees. Your customers are better served when they can access information about your product or services immediately via your website rather than waiting for a mailed brochure or a return telephone call.  In today’s fast-paced market, how quickly and conveniently customers can access the information or purchase the product is frequently the factor that determines who will win the sale. Provide answers to frequently asked questions on your website.  Information requests can be processed immediately via online forms and auto responders whether someone is in the office or not.

Promote Your Services
Lawyers, doctors, financial consultants, entertainers, realtors and all service oriented businesses should take advantage of the massive reach of the Internet. Millions of users are logging on to the  Web to compare various specialists and practitioners before they purchase a specialized service.

Many Money From Your Site
You can also earn revenue for sales, leads, and traffic driven from merchant links and ads placed on your site. Take advantage of free access to various affiliate networks on the Internet.

Viral Marketing Without a Marketing Cost
You can have your satisfied customers refer you to their friends and relatives through an online form on your website.