- Internet & the Web»
- Web Page & Web Site Development
6 Easy Steps To Secure Your WordPress Website
WordPress websites are very popular platforms. They are easy to use, have an almost endless variety of features and plugins and as a result are used by people around the world for blogging and an online business presence.
They are also popular with hackers. People who find significant pleasure in attacking and exploiting the weaknesses in WordPress websites.
One thing users very frequently overlook is their website security.
Is your website a WordPress site? Don’t become a statistic. Don’t become one of those people who chooses not think about security until it’s too late.
What can happen if my site is not secure?
A website that is not secure leaves itself open to thieves. Just like when you don’t lock up your car or house. It does not always mean that someone will come and ransack your private property, but by leaving doors and windows open or unlocked you are practically inviting undesirables in.
The same goes for a website.
A site that has been hacked can suffer from loss of content, stolen data, stolen personal details and even stolen customer information and this will result in expensive downtime whilst you recover. In some cases malicious code may be left inside which continues to wreak havoc even after you think you've fixed everything.
Protect your content. Protect your reputation. And protect your visitors and customers.
It is so easy to do. Do it today!
Don’t Use ‘Admin’ As Your Username
Chances are when your WordPress site was first set up, the default username was set to ‘admin’. I’d expect then too that you probably never thought to change it.
Does your website have ‘admin’ as the username?
Hackers look for sites that use the default WordPress admin username because, well, let's think about it. It is half of the information they need to gain entry. When you login, you put your username and then a password. With the username as a given, they just need to work out your password. Now, I have no idea how they do this, and they probably have incredible tools to help them, but they manage to gain access to thousands of sites all the time by cracking the passwords.
Don’t give them the pieces to the puzzle.
The first step in making your site secure is to create a new user profile for yourself (a unique name and a strong password) and make sure you give yourself administrator access and where possible, delete the default admin username.
Everyone struggles with the amount of passwords we need to remember these days. We have pin numbers, computer logins, membership passwords and of course website passwords. No matter how much awareness is raised about the danger of using a simple password such as a phone number, date of birth or a string of numbers from 1-10, people continue to use simple ones because they are easy to remember.
Unfortunately, if a password is easy to remember, it is also means then that it is probably very easy to crack!
The best passwords should be a minimum of eight characters long with a combination of uppercase and lowercase letters, numbers and even special characters like *&$.
To change your WordPress password to a stronger character string, log into your WordPress dashboard, go into Users and choose Your Profile. At the bottom of that page, fill in the New Password fields.
Tip: If you have multiple admins, make this a requirement for every person as each login password presents a potential gateway for hackers to try to enter.
Limit Login Attempts
As mentioned earlier, the way hackers gain access to a site is typically via the login area. Using a clever, free plugin, you can actually limit the number of login attempts that anyone can have. The Limit Login Attempts plugin will block access to your site after a series of incorrect login attempts have been made. When you set this up, you can decide how many attempts you will allow before the plugin steps in and blocks the person.
You can also block people by their ip address, or even visitors from particular countries.
Keep WordPress Up To Date
WordPress are very diligent in providing regular updates as a result of security issues. You'll notice when an update is available as there will be a message notification on the top of your dashboard when you login.
The update process itself is very easy and requires a simple click of the 'update now' button.
Tip: It is always a good idea to back up your website before making any changes; including WordPress security patch updates.
Building A Wordpress Website
Back Up Regularly
Whilst we are on the topic of backing up, it is very important to make it a regular 'housekeeping' task to backup not only your content but your entire database. There are a number of freely available plugins which help you achieve this. WP_DB_Backup is one of the most popular. So too is WordPress Move.
With most solutions you can manually backup or you can schedule it to be done automatically and have the files downloaded to your hard drive, sent to your server via email or stored online.
Tip: Just like saving a document, you will be very happy you have a backup just in case something goes wrong!
Be Selective With Plugins
We have talked a bit about using plugins to help secure your site. WordPress plugins are created by the thousand and are built by independent programmers. Don't just download any plugin to your site. Only install those that are on WordPress.org or those built by reputable sources.
A quick google search will always provide a treasure trove of opinions and feedback on plugins, so do your research, check any available reviews, make sure they are updated regularly and also make sure that they are compatible with your current version of WordPress too.
These 6 tips are things that you can take on board right now to help ensure that your hard work is not lost. Keep your WordPress website secure.
© 2014 AnswerQuestions