{"id":18896,"date":"2017-03-17T10:08:19","date_gmt":"2017-03-17T10:08:19","guid":{"rendered":"https:\/\/rarathemes.com\/blog\/?p=18896"},"modified":"2024-08-21T13:44:30","modified_gmt":"2024-08-21T07:59:30","slug":"wordpress-security","status":"publish","type":"post","link":"https:\/\/rarathemes.com\/blog\/wordpress-security\/","title":{"rendered":"15 WordPress Security Tricks to Secure Your WordPress Website"},"content":{"rendered":"\n<p>There\u2019s been so much news about <a href=\"https:\/\/thehackernews.com\/2017\/02\/wordpress-hack-seo.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">WordPress websites being hacked<\/a> lately. And, many people have started questioning the safety of WordPress due to the recent attacks.<\/p>\n\n\n\n<p>Therefore, if you own a WordPress website, you must act on these 15 WordPress security techniques that I will teach you in this guide.<\/p>\n\n\n\n<p>Before we jump right into it, let me warn you ahead.<\/p>\n\n\n\n<p>While you are here busy reading this article, some script kiddie might be trying to hack into your website (WordPress or not).<\/p>\n\n\n\n<p>Seriously?<\/p>\n\n\n\n<p>Yes.<\/p>\n\n\n\n<p>\u201cWhy would some guys waste their time on me? It\u2019s not like I am a big business.\u201d<\/p>\n\n\n\n<p>Well, I don\u2019t want to bump up your worries, but hackers like small websites because they are an easy target.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title ez-toc-toggle\" style=\"cursor:pointer\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#Why_is_Website_Security_Such_a_Big_Fuss\" >Why is Website Security Such a Big Fuss?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#WordPress_was_hacked_Should_You_Seek_Other_Platforms\" >WordPress was hacked, Should You Seek Other Platforms?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#1_Use_Unique_Username_and_Password\" >1. Use Unique Username and Password<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#2_Use_Two-Factor_Authentication\" >2. Use Two-Factor Authentication<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#3_Verify_the_User_as_a_Human\" >3. Verify the User as a Human<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#4_Update_WordPress\" >4. Update WordPress<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#How_to_Update_WordPress\" >How to Update WordPress<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#5_Disable_File_Editing\" >5. Disable File Editing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#6_Limit_Login_Attempts\" >6. Limit Login Attempts<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#7_Brute_Force_Attack_Protection\" >7. Brute Force Attack Protection<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#8_DDoS_Attack_Protection\" >8. DDoS Attack Protection<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#9_Scan_for_Malware_and_Remove_Them\" >9. Scan for Malware and Remove Them<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#10_Good_Webhost\" >10. Good Webhost<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#11_Choose_Plugins_and_Theme_Wisely\" >11. Choose Plugins and Theme Wisely<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#12_Remove_UnnecessaryOutdated_Themes_and_Plugins\" >12. Remove Unnecessary\/Outdated Themes and Plugins<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#13_Secure_htaccess_and_wp-contentphp\" >13. Secure .htaccess and wp-content.php<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#14_Hide_Sensitive_Information\" >14. Hide Sensitive Information<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#15_Stay_Ahead_and_Updated\" >15. Stay Ahead and Updated<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_is_Website_Security_Such_a_Big_Fuss\"><\/span>Why is Website Security Such a Big Fuss?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Okay, someone is trying to break into my website, but why should I care? Especially, since I have a backup of everything. I could just delete the WordPress and re-install it.<\/p>\n\n\n\n<p>Your question is valid. But, what if the hacker has gained access to your backup and web-host?<\/p>\n\n\n\n<p>Also, there are other risks if a computer pirate gains control over your website, some of them are\u2026<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Hackers might steal yours and your visitor&#8217;s information, and use it for illegal purposes.<\/li><li>If you are just starting to get visitors, downtime will affect you in the long run.<\/li><li>People will start to question the quality of your website.<\/li><li>Attackers might post something offensive or illegal on your website, for which you might have to face consequences (legal or otherwise).<\/li><\/ol>\n\n\n\n<p>But, why would anyone put up all the effort just to give trouble to a small website like mine?<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>A small website is easy to hack.<\/li><li>Hackers test their tools on small websites for a bigger project.<\/li><li>They can use your web host to send spam emails.<\/li><li>Intruders use resources of small websites to attack \u201cbig guys\u201d. Your web server can be part of a botnet for DDoS attacks.<\/li><li>Hackers can use your website to spread malware. Thousands of small websites is a good way to spread malware because small websites owners cannot afford security experts to check for security.<\/li><li>Hackers may use your website for increasing traffic and Google rank of their own website by posting backlinks.<\/li><\/ol>\n\n\n\n<p>Therefore, even if you are just starting to set up a website, you must be very careful about security. It isn\u2019t just about you. Your carelessness might affect others too (DDoS attack).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"WordPress_was_hacked_Should_You_Seek_Other_Platforms\"><\/span>WordPress was hacked, Should You Seek Other Platforms?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"280\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/wordpress-hack-usain-bolt-jpg.jpeg\" alt=\"wordpress hack usain bolt.jpg\" class=\"wp-image-18897\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/wordpress-hack-usain-bolt-jpg.jpeg 700w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/wordpress-hack-usain-bolt-jpg-300x120.jpeg 300w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/figure>\n\n\n\n<p>First of all, no system (website or personal computer) is secure. People have even found ways to <a href=\"https:\/\/www.helpnetsecurity.com\/2016\/08\/30\/usbee-air-gapped-computers\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">hack into air-gap systems<\/a> (isolated computers).<\/p>\n\n\n\n<p>Whichever platform you choose, hackers will find a way into it.<\/p>\n\n\n\n<p>The reason why so many WordPress websites get hacked is because WordPress is very popular. About 27% of the websites use WordPress, and it is growing. So, WordPress has become a goldmine for hackers and spammers.<\/p>\n\n\n\n<p>Cyberpunks consistently attack WordPress because if they manage to find a vulnerability, they could take control of 27% of the Internet.<\/p>\n\n\n\n<p>Another reason why WordPress sites get hacked is because it is an open environment. Users can code and modify the websites themselves. They can add third-party plugins.<\/p>\n\n\n\n<p><strong>So, should you find another CMS for your website?<\/strong><\/p>\n\n\n\n<p>No.<\/p>\n\n\n\n<p>The issue is not with the core code of WordPress, it\u2019s the plugins and themes you install. But then, as I said earlier, no system is completely secure.<\/p>\n\n\n\n<p>If WordPress itself was not safe, why would 27% of the web use it?<\/p>\n\n\n\n<p>Many volunteers take special care to maintain the core system and the WordPress repository. The themes and plugins that are available in the WordPress repository are tested thoroughly for security and reliability.<\/p>\n\n\n\n<p>Also, WordPress team tackle every security issues very skillfully. They release updates with security patches constantly. So, you can trust WordPress for your website.<\/p>\n\n\n\n<p>However, you, as a website owner, should also be extra careful. You should always monitor your website regularly.<\/p>\n\n\n\n<p>Here are 15 WordPress security measures that you should follow to minimize the risk of your website getting hacked!<\/p>\n\n\n\n<p><strong>Pro Tip: <\/strong>Always backup your WordPress files including database before making changes to your files, and installing security plugins.<\/p>\n\n\n\n<p><em>Note: Some of the links in this guide are affiliate links. We earn a certain amount of commission if you buy services\/products through the links, without any extra cost to you. That being said, we don\u2019t recommend products that are not worth.&nbsp;<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"1_Use_Unique_Username_and_Password\"><\/span>1. Use Unique Username and Password<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>When you install WordPress, WordPress automatically creates a username called \u201cadmin\u201d. I think it is a great feature because it saves me from the tedious task of entering my own username. I can focus on other really important stuff. Thanks, WordPress!<\/p>\n\n\n\n<p>I know, I know. That\u2019s a stupid excuse. But, did you change the default \u201cadmin\u201d username while installing WordPress? Welcome to the club!<\/p>\n\n\n\n<p>When hackers try to log in to your admin panel, they first try \u201cadmin\u201d as the username.<\/p>\n\n\n\n<p>What\u2019s the big deal about username when you have a strong password?<\/p>\n\n\n\n<p>Well, I know having a strong password is a good thing. But, if you still use \u201cadmin\u201d as your username, you are reducing the hacker\u2019s effort by half. The permutations are reduced.<\/p>\n\n\n\n<p>Hackers can just try the combination of different passwords since they already know your username.<\/p>\n\n\n\n<p>But, the bummer is, you can\u2019t change usernames in WordPress!<\/p>\n\n\n\n<p>Although you can install some plugin to change the username, I don\u2019t recommend using plugins for simple tasks.<\/p>\n\n\n\n<p>Therefore, simply create a new user with administrative privilege, and then delete the old admin user. Don\u2019t worry, WordPress will ask you what you want to do with the posts that the user created.<\/p>\n\n\n\n<p>While creating a new user, use username that\u2019s not too obvious, like \u201cmyname\u201d or \u201cmysitename\u201d.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"330\" height=\"187\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/change-user-wordpress-png.png\" alt=\"change user wordpress.png\" class=\"wp-image-18898\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/change-user-wordpress-png.png 330w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/change-user-wordpress-png-300x170.png 300w\" sizes=\"auto, (max-width: 330px) 100vw, 330px\" \/><\/figure>\n\n\n\n<p>As for the password, the simple rule is that your password should be <strong>complex<\/strong>, <strong>long<\/strong> and <strong>unique<\/strong>.<\/p>\n\n\n\n<p><strong>Complex:<\/strong> Your password should contain <strong>at least<\/strong> 1 number, 1 capital letter, and 1 special character.<\/p>\n\n\n\n<p><strong>Long: <\/strong>Your password should be <strong>at least <\/strong>10 characters long.<\/p>\n\n\n\n<p><strong>Unique: <\/strong>Your password should not contain common words or phrases. And, you should use different passwords for every website.<\/p>\n\n\n\n<p>After you apply the above password rules, your password should look like this: LTwYgrsewDhw@ertzK9#M!K%<\/p>\n\n\n\n<p>That\u2019s a strong password. But the problem is, we are human beings, and that\u2019s hard to remember.<\/p>\n\n\n\n<p>Therefore, utilize tools like <a aria-label=\" (opens in a new tab)\" class=\"rank-math-link\" href=\"https:\/\/www.lastpass.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LastPass <\/a>and <a href=\"https:\/\/keepass.info\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">KeePass<\/a>. They are free, and you can use them on multiple devices.<\/p>\n\n\n\n<p>If you still think that you can get away with simple passwords because you are creative, I hope <a href=\"https:\/\/www.teamsid.com\/worst-passwords-2016\/?nabe=5461801215197184:2\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">this changes your mind.<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2_Use_Two-Factor_Authentication\"><\/span>2. Use Two-Factor Authentication<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>You have now used a unique username and a strong password for your WordPress admin panel.<\/p>\n\n\n\n<p>Great!<\/p>\n\n\n\n<p>That\u2019s a step towards better WordPress security.<\/p>\n\n\n\n<p>But, no matter how strong, passwords can be broken! Hackers use brute force attacks (we will talk about it later) to penetrate your website. A strong brute force attack can crack any password.<\/p>\n\n\n\n<p>That\u2019s why you should start using two-factor authentication on your website. It will enhance security.<\/p>\n\n\n\n<p>Two-factor authentication requires you to input a security code besides username and password for logging in. Once you activate two-factor authentication, you will receive some code (single use) on your smartphone. You will be able to log in only after you enter the code.<\/p>\n\n\n\n<p>I know, this is a hassle, but, remember, better safe than sorry. Unless security gurus find some DNA login options, two factors is the best security method out there.<\/p>\n\n\n\n<p>Unfortunately, WordPress doesn\u2019t have inbuilt settings for adding two-factor authentication. You will have to use a plugin called <a href=\"https:\/\/wordpress.org\/plugins\/google-authenticator\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">Google Authenticator<\/a>.<\/p>\n\n\n\n<p>If you are not familiar with <a href=\"https:\/\/www.google.com\/landing\/2step\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">Google\u2019s 2-step verification<\/a>, Evanto tuts+ has great <a href=\"https:\/\/code.tutsplus.com\/tutorials\/using-google-two-factor-authentication-with-wordpress--cms-22263\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">tutorials about using Google 2 factor authenticator with WordPress<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"3_Verify_the_User_as_a_Human\"><\/span>3. Verify the User as a Human<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Hackers use botnets to attack systems with brute force. And, one way of really giving trouble to hackers is by using a reCAPTCHA form.<\/p>\n\n\n\n<p>Generally, botnets cannot validate the reCAPTCHA, so hackers have to manually try to enter usernames and passwords. That, my friend, is a pain in the&#8230;you know where.<\/p>\n\n\n\n<p>But, the old reCAPTCHA, the one that uses distorted text, is not efficient. We all have been there when you have to make a wild guess about some letters.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"574\" height=\"234\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/recaptcha_oldapi-png.png\" alt=\"reCAPTCHA_OldAPI.png\" class=\"wp-image-18899\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/recaptcha_oldapi-png.png 574w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/recaptcha_oldapi-png-300x122.png 300w\" sizes=\"auto, (max-width: 574px) 100vw, 574px\" \/><\/figure>\n\n\n\n<p>To make the reCAPTCHA experience more human-friendly and bots repellent, Google introduced the <a href=\"https:\/\/security.googleblog.com\/2014\/12\/are-you-robot-introducing-no-captcha.html\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">new \u201cNo CAPTCHA reCAPTCHA\u201d<\/a>. The new invisible reCAPTCHA can even detect a human automatically.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"616\" height=\"164\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/recaptcha_anchor2x-gif.gif\" alt=\"Recaptcha_anchor@2x.gif\" class=\"wp-image-18900\"\/><\/figure>\n\n\n\n<p>You can add the reCAPTCHA on your WordPress login, comment and\/or registration form <a href=\"https:\/\/www.sitepoint.com\/no-captcha-integration-wordpress\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">manually<\/a> or by using a <a href=\"https:\/\/wordpress.org\/plugins\/no-captcha-recaptcha\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">No CAPTCHA reCAPTCHA plugin<\/a>.<\/p>\n\n\n\n<p>But, first, you need to <a href=\"https:\/\/www.google.com\/recaptcha\/intro\/invisible.html\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">get your reCAPTCHA key from Google<\/a>. After you get the keys, enter it in your codes if you are doing it manually, or in the plugin settings if you use a plugin.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1104\" height=\"479\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/google-recaptcha-png.png\" alt=\"google recaptcha.png\" class=\"wp-image-18901\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/google-recaptcha-png.png 1104w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/google-recaptcha-png-300x130.png 300w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/google-recaptcha-png-768x333.png 768w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/google-recaptcha-png-1024x444.png 1024w\" sizes=\"auto, (max-width: 1104px) 100vw, 1104px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"4_Update_WordPress\"><\/span>4. Update WordPress<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>You should always update WordPress. WordPress updates are not just for adding features. The updates are released, most importantly, to fix bugs and security holes.<\/p>\n\n\n\n<p>But, what if I run into compatibility issues with my themes and plugins after I update the WordPress? Well, usually, good themes and plugins release updates as soon as the core WordPress is updated.<\/p>\n\n\n\n<p>If the plugins or themes you use haven\u2019t been updated, then it\u2019s time to find alternatives to them.<\/p>\n\n\n\n<p>Majority of websites that get hacked use outdated WordPress or plugins or themes. The out-of-date versions of Plugins might put your website at risk.<\/p>\n\n\n\n<p>So, update your themes and plugins asap! If there are no updates available, change them. You can find plenty of up-to-date themes and plugins in the WordPress repository.<\/p>\n\n\n\n<p>You can also try out <a href=\"https:\/\/rarathemes.com\/wordpress-themes\/\" target=\"_blank\" rel=\"noreferrer noopener\">our WordPress themes<\/a>. We update them regularly so that you don\u2019t have to worry about security issues from the themes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Update_WordPress\"><\/span><strong>How to Update WordPress<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Updating WordPress is easy. WordPress automatically displays notifications on Dashboard if there are any updates for the core system, themes or plugins.<\/p>\n\n\n\n<p>Go to <strong>Dashboard&gt; Updates<\/strong> and click on the update buttons.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"562\" height=\"155\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/wordpress-update-png.png\" alt=\"wordpress update.png\" class=\"wp-image-18902\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/wordpress-update-png.png 562w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/wordpress-update-png-300x83.png 300w\" sizes=\"auto, (max-width: 562px) 100vw, 562px\" \/><\/figure>\n\n\n\n<p>You can also enable auto updates so that your core WordPress, plugins, and themes automatically update themselves for minor releases. You will get email notification when your website is automatically updated.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"5_Disable_File_Editing\"><\/span>5. Disable File Editing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>You can easily customize your website with inbuilt code editor in WordPress.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"495\" height=\"249\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/editor-wordpress-png.png\" alt=\"editor wordpress.png\" class=\"wp-image-18903\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/editor-wordpress-png.png 495w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/editor-wordpress-png-300x151.png 300w\" sizes=\"auto, (max-width: 495px) 100vw, 495px\" \/><\/figure>\n\n\n\n<p>However, imagine, hackers somehow managed to log into your website. Now, they can also easily edit your website using the editor. Therefore, it is a safe practice to disable editing WordPress via the editor.<\/p>\n\n\n\n<p>To disable the editor, backup your WordPress first. Then, locate the <strong>wp-config.php<\/strong> file on the back-end of your website. You can find <strong>wp-config.php<\/strong> in the root folder of your website along with other folders like <strong>wp-admin<\/strong> and <strong>wp-content<\/strong>.<\/p>\n\n\n\n<p>You can use FTP-client to connect to the back-end of the website. Or, if you have cPanel access, you could use the File manager available in cPanel.<\/p>\n\n\n\n<p>Now, add the following line of code in the <strong>wp-config.php<\/strong> file and save the file<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>\/\/ Disallow file edit<br>define( &#8216;DISALLOW_FILE_EDIT&#8217;, true );<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>After the file is updated, you won\u2019t be able to edit the theme templates using the WordPress dashboard. You can still modify the themes using FTP or cPanel\u2019s File Manager.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"6_Limit_Login_Attempts\"><\/span>6. Limit Login Attempts<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>When you install WordPress, WordPress ask you whether to install limit login attempts plugin or not.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1018\" height=\"511\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/limit-login-wordpress-installation-png.png\" alt=\"limit login wordpress installation.png\" class=\"wp-image-18904\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/limit-login-wordpress-installation-png.png 1018w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/limit-login-wordpress-installation-png-300x151.png 300w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/limit-login-wordpress-installation-png-768x386.png 768w\" sizes=\"auto, (max-width: 1018px) 100vw, 1018px\" \/><\/figure>\n\n\n\n<p>Limiting login attempts is a great way of protecting your website from brute force attacks.<\/p>\n\n\n\n<p>Hackers will try to log into your website with different login combinations. However, if you enable limit login attempts, you are allowing users to try logging in only for a certain number of times, after which the user gets blocked.<\/p>\n\n\n\n<p>If you forgot to check this option during WordPress installation, don\u2019t worry. You can find the plugin in the WordPress repository.<\/p>\n\n\n\n<p>Go to <strong>Plugins&gt; Add New<\/strong> from your WordPress dashboard menu. Search for \u201c<a href=\"https:\/\/wordpress.org\/plugins\/loginizer\/\" rel=\"noopener\">Loginizer<\/a>\u201d, and then install and activate the plugin.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1033\" height=\"431\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/loginizer-install-png.png\" alt=\"loginizer install.png\" class=\"wp-image-18905\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/loginizer-install-png.png 1033w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/loginizer-install-png-300x125.png 300w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/loginizer-install-png-768x320.png 768w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/loginizer-install-png-1024x427.png 1024w\" sizes=\"auto, (max-width: 1033px) 100vw, 1033px\" \/><\/figure>\n\n\n\n<p>After activating the plugin, go to <strong>Loginizer Security&gt; Brute Force<\/strong> from the WordPress admin menu to setup login protection.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"859\" height=\"519\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/loginizer-bruteforce-settings-png.png\" alt=\"loginizer bruteforce settings.png\" class=\"wp-image-18906\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/loginizer-bruteforce-settings-png.png 859w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/loginizer-bruteforce-settings-png-300x181.png 300w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2017\/03\/loginizer-bruteforce-settings-png-768x464.png 768w\" sizes=\"auto, (max-width: 859px) 100vw, 859px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"7_Brute_Force_Attack_Protection\"><\/span>7. Brute Force Attack Protection<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Hackers use Brute Force attacks to gain access to the admin panel or FTP accounts of your website. Basically, a brute force attack is a trial and error method. It\u2019s like trying different key combinations to open a lock. Intruders can use botnets to automate the attacks.<\/p>\n\n\n\n<p>To protect your website from becoming the target of brute force attacks, follow instructions 1, 2, 3, and 6.<\/p>\n\n\n\n<p>You can also change the default login URL (www.mywebsite.com\/wp-admin\/) so that hackers have a hard time finding login form in the first place.<\/p>\n\n\n\n<p>You can create custom login URL using a plugin called <a href=\"https:\/\/wordpress.org\/plugins\/all-in-one-wp-security-and-firewall\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">All In One WordPress Security &amp; Firewall<\/a>. After you install the plugin, go to the Brute Force section to enable custom login URL. This plugin has so many features that you won\u2019t even need any other WordPress security plugins if you install this one.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"8_DDoS_Attack_Protection\"><\/span>8. DDoS Attack Protection<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>With so many Internet-enabled devices, the frequency of DDoS attacks has been increasing.<\/p>\n\n\n\n<p>DDoS is a method of overflooding a website\/service with fake traffic with the intention of bringing down the service. Hackers use infected systems (that has malware) to perform DDoS attacks. In 2016, hackers crumpled DYN putting many famous websites like Twitter, Amazon, Reddit, and Netflix offline.<\/p>\n\n\n\n<p>Therefore, you should always be ready to tackle DDoS attacks.<\/p>\n\n\n\n<p>By following the above-mentioned security measures (1, 2, 3, 4, 6 and 7), you are already prepared for DDoS attacks.<\/p>\n\n\n\n<p>In addition to that, I would also recommend using cloud services like <a aria-label=\" (opens in a new tab)\" class=\"rank-math-link\" href=\"https:\/\/www.cloudflare.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CloudFlare <\/a>or <a href=\"https:\/\/www.stackpath.com\/maxcdn\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">MaxCDN<\/a>. They can help you mitigate DDoS attacks.<\/p>\n\n\n\n<p>Similarly, caching your website can also help you protect your website from traffic overload. You can cache your website using plugins like <a href=\"https:\/\/wordpress.org\/plugins\/wp-super-cache\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">WP Super Cache<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"9_Scan_for_Malware_and_Remove_Them\"><\/span>9. Scan for Malware and Remove Them<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Since you are reading my security tips so carefully (I really hope you are), let me tell you something scarier, if you haven\u2019t panicked yet!<\/p>\n\n\n\n<p>Hackers are sneaky! They might have already placed some malware on your web files.<\/p>\n\n\n\n<p>Therefore, you need to scan your web server for malicious files asap! And, remove them.<\/p>\n\n\n\n<p>How to do that?<\/p>\n\n\n\n<p>Plug-in a security plugin. <a href=\"https:\/\/wordpress.org\/plugins\/sucuri-scanner\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">Sucuri Security<\/a> is the best free plugin for detecting and removing malware on WordPress.<\/p>\n\n\n\n<p>If you don\u2019t like to add plugins or want to do complete server-side scanning, subscribe to <a href=\"https:\/\/sucuri.net\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">Sucuri<\/a>. This service costs you.<\/p>\n\n\n\n<p>If you can\u2019t afford Sucuri (I know it is expensive), there\u2019s a freeway. Because I have been preaching to you about all this techy stuff, I think you deserve a treat.<\/p>\n\n\n\n<p><strong>Here\u2019s how to scan and remove malware from your website for free!<\/strong><\/p>\n\n\n\n<p>First, download the <strong>public_html<\/strong> folder from your server using<strong> an FTP client<\/strong> of your choice. Then, scan the downloaded folder using antivirus software (Norton, Kaspersky or something else) on your computer. Make sure the antivirus program is up-to-date.<\/p>\n\n\n\n<p>After that, replace the old <strong>public_html<\/strong> file with the newly cleaned one using FTP. As easy as that!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"10_Good_Webhost\"><\/span>10. Good Webhost<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Web host plays an important, very important, role in the website\u2019s security.<\/p>\n\n\n\n<p>A good web host provides you support and tools to tackle DDoS attacks, Brute-Force attacks, and malware. Therefore, I recommend <a href=\"https:\/\/www.siteground.com\/wordpress-hosting.htm?afcode=898346aaeeed62f6e0276f6da128ed84\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">SiteGround<\/a> hosting because they keep security at high priority.<\/p>\n\n\n\n<p>Generally, a shared hosting plan is more vulnerable because the server is shared with other websites. Hackers can use other websites on the same server to attack your website on shared hosting. This concept is called cross-site contamination.<\/p>\n\n\n\n<p>It is often considered best to get dedicated hosting or VPS hosting, but they are expensive. As a starter, you may not have the budget for it.<\/p>\n\n\n\n<p>Does that mean you risk yourself? No. Even shared hosting can be protected.<\/p>\n\n\n\n<p>A good web hosting companies like <a aria-label=\" (opens in a new tab)\" class=\"rank-math-link\" href=\"https:\/\/www.siteground.com\/wordpress-hosting.htm?afcode=898346aaeeed62f6e0276f6da128ed84\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">SiteGround<\/a> install firewalls like <a href=\"https:\/\/github.com\/SpiderLabs\/ModSecurity\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/github.com\/SpiderLabs\/ModSecurity\" rel=\"noreferrer noopener nofollow\">ModSecurity<\/a>, even in shared hosting plans. Also, they limit the number of websites on a server, and scan servers for malware regularly.<\/p>\n\n\n\n<p>Similarly, if your web host can provide you <a href=\"https:\/\/sucuri.net\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener nofollow\" class=\"rank-math-link\">Sucuri Security<\/a>, it\u2019s a plus point.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"11_Choose_Plugins_and_Theme_Wisely\"><\/span>11. Choose Plugins and Theme Wisely<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Well, choose plugins and themes wisely. That is all you need to know on this topic.<\/p>\n\n\n\n<p>The option to install third-party plugins and themes is what makes WordPress vulnerable to hackers.<\/p>\n\n\n\n<p>Plugins and WordPress themes available on the WordPress repository are safe. But if you need to add some plugins or themes manually, always check for malware, using antivirus software, before you upload them on your WordPress.<\/p>\n\n\n\n<p>Also, before installing plugins or themes, check for reviews and the last updated date.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"12_Remove_UnnecessaryOutdated_Themes_and_Plugins\"><\/span>12. Remove Unnecessary\/Outdated Themes and Plugins<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Always keep your WordPress clean.<\/p>\n\n\n\n<p>If you are not currently using any plugins or themes, and they are outdated, remove them. They might be inviting hackers.<\/p>\n\n\n\n<p>Similarly, go to the back end of the WordPress, and check if you have any unnecessary files by comparing it with default WordPress files.<\/p>\n\n\n\n<p>Or, you could just do a fresh installation of WordPress.<\/p>\n\n\n\n<p>First, backup your databases and WordPress. Then, remove WordPress. And, install a new updated WordPress.<\/p>\n\n\n\n<p>Make sure you inform your visitors during maintenance by displaying a maintenance page.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"13_Secure_htaccess_and_wp-contentphp\"><\/span>13. Secure .htaccess and wp-content.php<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Only the Almighty knows what hackers can do if they access your .htaccess or wp-content.php file.<\/p>\n\n\n\n<p>So, you should always hide .htaccess and wp-content.php file. Even if you don\u2019t know how to code, you can easily secure .htaccess and wp-content.php by inserting some codes in the .htaccess file.<\/p>\n\n\n\n<p>Please keep a backup of the .htaccess file before making changes to it.<\/p>\n\n\n\n<p>Locate the <strong>.htaccess<\/strong> file from the root of your website, and add the following lines of code to it.<\/p>\n\n\n\n<p><strong>Code to hide wp-config.php<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>&lt;Files wp-config.php&gt;<br>order allow, deny<br>deny from all<br>&lt;\/Files&gt;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Code to hide .htaccess file<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>&lt;Files .htaccess&gt;<br>order allow, deny<br>deny from all<br>&lt;\/Files&gt;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"14_Hide_Sensitive_Information\"><\/span>14. Hide Sensitive Information<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Make sure you remove (or at least rename) <strong>readme.html<\/strong> file after you install WordPress. Readme file will tell hackers what version of WordPress you are using.<\/p>\n\n\n\n<p>Also, if you have created a phpinfo.php or i.php file, I recommend you to delete or rename it. This file contains all the information about your server.<\/p>\n\n\n\n<p>Furthermore, disable directory indexing. Attackers can see the structure of your folders and files with directory browsing. You don\u2019t need to be tech-savvy to do it. Just go to the .htaccess file, and add the following code at the end of the file.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Options -Indexes<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"15_Stay_Ahead_and_Updated\"><\/span>15. Stay Ahead and Updated<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Hackers are always a step ahead of all the security experts. Actually, a security expert wouldn\u2019t even know about a security hole until someone breaks into a system.<\/p>\n\n\n\n<p>Therefore, always keep yourself informed and updated about security news and issues. Follow security companies on Twitter or Facebook, or even subscribe to their newsletters.<\/p>\n\n\n\n<p><a href=\"https:\/\/krebsonsecurity.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Kerbsonsecurity<\/a> is a great blog to keep yourself updated about security issues.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Make the guessing game hard for hackers!<\/p>\n\n\n\n<p>You cannot stop hackers from hacking. All you can do is become prepared for the attacks.<\/p>\n\n\n\n<p>The good guys are working hard to protect WordPress from hackers, but mistakes happen.<\/p>\n\n\n\n<p>Always keep a backup of your website, just in case hackers take over your website. Keep the backup in a safe place(s) (multiple places if possible).<\/p>\n\n\n\n<p>Finally, follow all the aforementioned 15 tips for securing a WordPress site. And keep yourself, themes, plugins, and WordPress updated!<\/p>\n\n\n\n<p>May the force be with you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s been so much news about WordPress websites being hacked lately. And, many people have started questioning the safety of WordPress due to the recent attacks. Therefore, if you own &hellip; <\/p>\n","protected":false},"author":2,"featured_media":32640,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_be_single_description":"","_be_image_uploader":0,"_be_meta_button_label":"","_be_meta_button_url":"","_be_meta_button_newtab":false,"_be_meta_rel_attribute":"","footnotes":""},"categories":[3,16],"tags":[],"class_list":["post-18896","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","category-advanced-tutorials","latest_post"],"_links":{"self":[{"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/posts\/18896","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/comments?post=18896"}],"version-history":[{"count":0,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/posts\/18896\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/media\/32640"}],"wp:attachment":[{"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/media?parent=18896"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/categories?post=18896"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/tags?post=18896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}