How to Secure Your WordPress Website from Hackers and Keep Your Website Safe!
WordPress is used by millions of website owners and is one of the most versatile ways to build and maintain a site. If my memory is correct, approximately 30% of website owners use WordPress – that’s a pretty big percentage!
Its developer- and user-friendly platform, however, leaves itself open to potential “break-ins” and hijackers wreaking havoc throughout your site, costing you time, effort, money and a lot of headaches.
… and make no mistake, these hackers sleep very well at night. I’ll NEVER understand people that do this! … and never will.
These criminals are relentless, and with unsecured website vulnerabilities going unnoticed, you just have to know these “low-lifes” will be knocking on your site’s door sooner or later. You have to take EVERY PRECAUTION to protect yourself in whatever way you can. I’ve outlined the major considerations for keeping these creeps out and your website safe.
Hardening WordPress against malicious attacks is a great defense to use.
Always Change Your admin Username
Everyone knows that to get to the front door of WordPress all you have to do is type in: yourwebsitename.com/wp-admin. From there it’s just a matter of figuring out the password, since the default and assigned username is always “admin”. Change it!!! If you don’t, the hacker’s job is already half done.
Make Your Password Difficult
It seems simple, but you wouldn’t believe how many people use passwords that are incredibly easy to figure out. Use a series of letters, numbers and characters to thwart these hacker attempts.
A password like “wkD3ns*9” is a whole lot harder to figure out than “123456” or “password” or the name of someone you know, or your birthday, etc.
The admin username coupled with an easy password leaves your site wide open to what are called Brute Force Attacks.
Brute Force Attacks can be greatly reduced if you just make the changes noted.
Perform Frequent Back-ups of your Website
This is one of the first things a website owner is taught to do. Back up your website!
Most people back-up at least once a week, some every day. It all depends on the scope of your site and how often you make changes to it.
I myself use BackWPup, but there are others like UpDraft, Ready! Backup and BackupBuddy (paid).
Here is a great video tutorial on how to backup your WordPress site to a free Dropbox account using BackWPup. (Thanks Craig!)
This will put you at ease knowing that if your site was compromised at all, you can get it back quickly and easily.
BackWPup and Dropbox are both free to use.
Install All WordPress Updates
Keep WordPress and all Plugins updated.
This is a must. WordPress is always working on security updates, and if you don’t take the time to implement them you may be caught holding the door wide open for intrusion.
The same goes for plugins, which are not only a security risk but can act “screwy” if not updated – who needs that extra headache? If the developer does not keep their plugins current, get rid of them!
Limiting Login Attempts
There are plugins you can add to WordPress that limit the number of failed login attempts allowed before the visitor is shut out. This is a very useful kind of plugin to have, and it helps deter brute force tactics. Limit Login Attempts will help with this.
Always Manually Approve Your Comments
Automatically approving your comments is a very BAD idea. Take just a little time to manually approve these, or you will just be encouraging not only a ton of Spam, but intrusions as well.
The latest update, the WordPress 4.2.1 Security Release, is aimed at stopping rogue commenters from gaining access through the comments system. It “fixes a critical cross-site scripting (XSS) vulnerability, which could enable commenters to compromise a site” – Please update!!!
Not only will this help prevent entry into your site by hackers, but it will help cut down on the amount of Spam Comments you get on your site, of which the only purpose is to promote their own usually “scammy” products.
Be Sure Your Website has Secured Hosting
You can take all the precautions available, but if your hosting company does not provide you with the best security around, it’s all for naught.
Scan Your Computer for Viruses and Malware
This should be done on a regular basis by any computer user, but when it comes to website hacking it’s doubly important.
Use a Security Plugin
There are a number of security plugins to use, and I highly suggest doing so. This will help add another layer of protection to your site. Here are a few of the most popular and effective.
iThemes Security (formerly Better WP Security) is the #1 WordPress Security Plugin with 600,000+ downloads. iThemes Security gives you 30+ ways to secure and protect your WordPress site and is fairly easy to use.
Sucuri Security scans your website and detects PHP mailers, injections, malicious redirects, phishing attempts, malware and more.
Acunetix WP Security checks for vulnerabilities in passwords, theme files, and your admin area.
There will ALWAYS be threats to the integrity of our websites and we can’t protect ourselves 100% of the time, but we can certainly take steps to do as much as possible to help keep the hackers out and make it a lot more difficult to gain access.
It doesn’t take long to implement these precautions and I urge everyone to put this on the top of your “To Do List”.
Learning how to secure your WordPress website from hackers will go a long way in staying one step ahead of these intruders.
Be Safe – Stay Safe!
You’ll be glad one day that you did!