WordPress is one of the most popular content management systems in the world. It is open source and is worked on by thousands of developers all over the world. Although this makes it a great platform to use, you should be just as diligent about security as you would be with any other platform.
When your blog gets hacked, all kinds of unpleasant things may be done to your site, including things you may not see. Malware may be planted that infects your visitors. Hidden links may be installed that point to dangerous or unsavory sites. The hacker may simply opt to delete everything on your site. Anything can happen, so don’t wait until you get hacked before you make your blog secure. Protect your site by taking these security measures.
Change The Default Admin Username
Hackers often try to log into your WordPress blog by using brute force methods. They typically use scripts that try to guess your username and password, making repeated attempts until they find a combination that works. They always try the default admin username. If they get this right then they are halfway finished with logging in. It’s best to use unusual names. It’s even better to use a long and complicated set of gibberish characters. It is true that you won’t be able to remember it when logging in, but since you will be using a complicated password anyway, a complicated username doesn’t add to the inconvenience. Details about changing your username are given at the wordpress.com site here.
Strengthen Your Password
If you are using a password that you can remember, it’s too weak. If your password isn’t at least eight characters long and made up of numbers, upper and lower case letters, and special characters, it’s too weak. Since you are going to use a password that’s impossible to remember, you might as well make it 30 characters long. The extra length increases your security without adding to the inconvenience: copying and pasting 30 characters isn’t any more difficult than copying and pasting 8. Details about changing your password are given at the wordpress.org site here.
Always Use The Latest WordPress Version
Whenever a security vulnerability is detected in WordPress, an updated version is published that takes care of it. After logging into WordPress, look for a message/link at the top of the dashboard. It will be in an off-yellow field and will say “WordPress ### is available! Please update now.” Update by clicking on the link. If you are already using the latest version, then you won’t see this message.
Create Regular Blog Database Backups
Ask your hosting service if they do this on a regular basis. If they don’t, you will have to do this yourself. This is easily done by installing a plugin called WP-DB-Backup.
Keep Your Theme And Plugins Updated
Sometimes hackers exploit vulnerabilities in specific themes and plugins, so your best defense against this is to keep them up to date. If you have any plugins installed that you aren’t using, delete them.
Use A Plugin To Limit Login Attempts
A good way to frustrate a hacker who uses brute force techniques is to install a plugin that limits the number of login attempts. When the attempts exceed a number that you set, the login page will lock down for a set time period. The Limit Login Attempts plugin does this.
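The lockout behaviour described above, shown in Python as an added example (this is not the Limit Login Attempts plugin's code). The class name, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict


class LoginLimiter:
    """Per-IP lockout: too many failures inside a window blocks that IP for a while."""

    def __init__(self, max_attempts=4, window=300, lockout=1200):
        # Illustrative values, not any plugin's defaults.
        self.max_attempts = max_attempts   # failures allowed before lockout
        self.window = window               # seconds over which failures are counted
        self.lockout = lockout             # seconds the IP stays locked out
        self.failures = defaultdict(list)  # ip -> timestamps of recent failures
        self.locked_until = {}             # ip -> time at which the lockout ends

    def attempt(self, ip, now, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time `now`."""
        if self.locked_until.get(ip, 0) > now:
            return "locked"                # rejected before the password is checked
        if password_ok:
            self.failures.pop(ip, None)    # a good login clears the counter
            return "ok"
        # Keep only failures still inside the counting window, then add this one.
        recent = [t for t in self.failures[ip] if now - t < self.window]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= self.max_attempts:
            self.locked_until[ip] = now + self.lockout
            self.failures[ip] = []
        return "failed"


def replay(events, **policy):
    """Run (seconds, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter(**policy)
    return [limiter.attempt(ip, t, ok) for t, ip, ok in events]


# Constructed sample events: (seconds, client IP, password correct?)
SAMPLE = [
    (0, "203.0.113.7", False),
    (2, "203.0.113.7", False),
    (4, "203.0.113.7", False),
    (6, "203.0.113.7", False),     # fourth failure: lockout starts
    (8, "203.0.113.7", True),      # correct password, but still locked out
    (10, "198.51.100.20", True),   # a different visitor is unaffected
    (1300, "203.0.113.7", True),   # lockout has expired
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```

Because the counter is kept per IP address, guesses spread across many addresses are not slowed down, which is why the unusual username and long password recommended above still matter.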
If you are having difficulties adopting the above security measures, consult your WordPress developer, who will likely have even more methods to further secure your WordPress blog. If you have any questions, don’t hesitate to contact us.