Countless websites running on the WordPress platform have been attacked by hackers who use brute force techniques to get into websites and wreak havoc.
Over time I have learnt to take security seriously. Some of the lessons I learnt were unpleasant, but they provided me with the knowledge to be able to educate you on the simple steps you can take right now to make your site safer.
Daily I get between 20 and 50 authorized login attempts on this site, www.ademike.com, alone, from different countries of the world, not to mention the other websites I manage. It is possible that a hacker halfway across the globe is trying to hack into your site at this very moment …
If you are a website or blog owner, the safety of your WordPress site should be of utmost priority. Here is a list of the basic steps to protect your WordPress site(s). Consider this list a checklist. The items are in no particular order, so if you come across one, two or more that are not part of your current security arsenal, stop reading and go implement them NOW!
- Keep up with Updates Always: WordPress updates are released to fix bugs, introduce new features and, most importantly, patch security holes. The same goes for the various themes and plugins you use on your site. If you are not using a specific plugin or theme, delete it from the system.
- Change Username: This is one of the essential security measures for preventing your site from being hacked. If you still use the default WP username “admin”, you are indirectly helping the hackers. So it is better to change it to a more difficult but memorable username.
- Maintain strong passwords: Do not procrastinate on this one. The password you use should be at least 8 characters long, with a random mix of numbers and letters (upper and lower case), and should not contain any complete word. It is safer to change this password every 3 months to make things more difficult for any hacker who has a brute-force program running against your website.
- Remove WordPress Version: Make life harder for hackers by removing the WordPress version from public display. By default, most themes display the WordPress version, and it should be removed. Some WordPress developers even display it, which helps attackers exploit the known vulnerabilities in that particular WordPress version.
- Hide Plugins: Protect your WordPress plugins directory by creating an empty index.html file and uploading it to wp-content/plugins/. This way, no one can browse the contents of your plugins directory. Hackers may be able to hack your blog if they discover an out-of-date or vulnerable plugin. Another way is to create a .htaccess file and upload it. Note that new versions of WordPress already include an index.php in folders such as themes, plugins, uploads, etc.
- Registration: Unless you have a revenue-sharing blog or a guest blogging feature, it is good to disable registration on your blog. To do this, go to the General Settings page and turn off the ‘Anyone can register’ option. Alternatively, you can restrict the permissions of anyone registering so they don’t have much control.
- Choose a Reliable and Secure Host: Often, a good place to start when it comes to website security is your hosting environment. Find a host that puts security among its priorities, because gaining access to your website through the host server is the ultimate backdoor pass. From there the hacker may be able to overcome almost all of your security measures with ease.
- Change the Login URL: Download the wps-hide-login plugin, which allows you to create custom URLs for logging in, logging out, administration and registration in your WordPress blog. This will prevent malicious bots and hackers from accessing your default wp-login.php file.
- Secure Sources: Download WordPress themes and plugins from trusted, verified sources by checking the identity of the owner and the popularity of the theme or plugin and of the site. If a theme or plugin is not being updated regularly and you are not paying for support, then you should be wary of it.
- Regular Data Backup: Back up your website files and database regularly. Data integrity is critical for backups. Keep this backup safe so that if your site is compromised, you will have something that can help in rebuilding the site and possibly also aid in determining how the site was compromised.
- Treat your website like your room: If you have old themes and plugins you are not using anymore, especially if they are not updated, you basically have to deactivate and delete them. I believe you will not leave dirty or old clothes hanging around in your room for days. So clean up and organize your files like you would your room. It will keep you safe.
- Stay Updated: Stay on top of what is going on out there. Early detection is the best prevention. Be on the lookout for security issues affecting the web. Don’t think that security issues are only affecting those other sites. They could just as easily be affecting yours. Be vigilant.
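To verify the "Remove WordPress Version" and "Hide Plugins" items on your own site, the following added example (not code from the original post) audits saved HTTP responses for the default version markers and for an auto-generated directory listing. The `audit` function, the sample responses and the version number 9.9.9 are constructed for illustration.

```python
import re

# Markup WordPress emits by default that discloses its version.
META_GENERATOR = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress ([\d.]+)["\']', re.I)
FEED_GENERATOR = re.compile(
    r'<generator>https?://wordpress\.org/\?v=([\d.]+)</generator>', re.I)
# Apache and nginx auto-generated listings both title the page "Index of /...".
AUTO_INDEX = re.compile(r'<title>\s*Index of /', re.I)


def audit(responses):
    """responses maps URL path -> (HTTP status, body). Returns sorted findings."""
    findings = []
    for path, (status, body) in responses.items():
        for label, pattern in (("meta generator", META_GENERATOR),
                               ("feed generator", FEED_GENERATOR)):
            for version in pattern.findall(body):
                findings.append((path, f"version {version} disclosed via {label}"))
        if status == 200 and AUTO_INDEX.search(body):
            findings.append((path, "directory listing enabled"))
    return sorted(findings)


# Constructed responses for illustration; 9.9.9 is a made-up version number.
BEFORE = {
    "/": (200, '<head><meta name="generator" content="WordPress 9.9.9" /></head>'),
    "/feed/": (200, '<rss><channel><generator>https://wordpress.org/?v=9.9.9'
                    '</generator></channel></rss>'),
    "/wp-content/plugins/": (200, '<html><head><title>Index of /wp-content/plugins'
                                  '</title></head></html>'),
}
AFTER = {
    "/": (200, '<head><title>My blog</title></head>'),
    "/feed/": (200, '<rss><channel><title>My blog</title></channel></rss>'),
    # An empty index.html (or the stock index.php) answers with an empty page.
    "/wp-content/plugins/": (200, ''),
}

if __name__ == "__main__":
    for path, issue in audit(BEFORE):
        print(f"{path}: {issue}")
    print("after hardening:", audit(AFTER))
```

Feed it the status and body of your own home page, feed and plugins directory; an empty result means none of these three markers is visible to visitors.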
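For the brute-force attempts against wp-login.php mentioned in the "Change the Login URL" and "Maintain strong passwords" items, this added example (not part of the original post) counts failed logins per client address in a web server access log. It assumes the combined log format and stock WordPress behaviour, where a failed login re-renders the form with status 200 and a successful one redirects with 302; the function names, threshold and log lines are constructed.

```python
import re

# Leading fields of an Apache/nginx "combined" access log line.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')


def failed_logins_by_ip(lines, login_path="/wp-login.php"):
    """Count POSTs to the login page that came back 200 (assumed failed login)."""
    counts = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path == login_path and m["status"] == "200":
            counts[m["ip"]] = counts.get(m["ip"], 0) + 1
    return counts


def suspects(lines, threshold=5):
    """Addresses with at least `threshold` failed logins in the given lines."""
    return sorted(ip for ip, n in failed_logins_by_ip(lines).items()
                  if n >= threshold)


# Constructed log lines; the addresses come from documentation-only ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:04:12:%02d +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 4120 "-" "-"' % second
    for second in range(6)
] + [
    '198.51.100.20 - - [10/Mar/2024:09:00:01 +0000] '
    '"POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',   # successful login
    '192.0.2.10 - - [10/Mar/2024:09:05:44 +0000] '
    '"GET /wp-login.php HTTP/1.1" 200 4051 "-" "-"',  # just viewing the form
]

if __name__ == "__main__":
    print(failed_logins_by_ip(SAMPLE_LOG))
    print("suspects:", suspects(SAMPLE_LOG))
```

If you have changed the login URL, pass the new path as `login_path`; requests that still hit the old wp-login.php are then almost certainly bots.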
Did you find this information helpful? Don’t hesitate to drop your comments.