Updated: November 12, 2016
WordPress is one of the most popular blogging platforms around, which means it is a very vulnerable target for hackers and spammers. There are many things that can make your WordPress site vulnerable: plugins, themes, and WordPress core. If you are using old versions of plugins and themes, or of WordPress itself, then your website is at risk of being hacked easily.
If you run a site that gets low traffic you may be thinking “what do I have to worry about? I have no important data or files for them to be interested in hacking my site!” Wrong. Hackers and spammers do not care whether your site gets high traffic or low traffic. They’ll hack any site they can get into and cause damage that can take time to fix. Once they’ve hacked into your site they can use your server to send spam emails, resulting in your IP getting blacklisted.
If your website is a business site, an online store for example, they can steal user information and passwords and distribute malware to those users. Imagine all the time, effort and money that could be wasted if your site does get hacked. Nobody plans on getting their site hacked, but by following these simple steps you can improve the security of your WordPress site and reduce the risk of getting hacked.
Keep WordPress up-to-date
By updating your WordPress every time there’s an update available, you reduce your site’s vulnerability. Every WordPress update addresses security holes that have been identified. If you’re using an old version of WordPress, then your website is more vulnerable to attacks. The same goes for themes and plugins. When there’s an update available, you can see it as soon as you log in: it’ll be on your dashboard page with the “Update available” banner. Just click on it to start updating. Before updating your WordPress site to a new WordPress version, always back up your site in case something goes wrong.
Don’t use admin as your username
WordPress uses “admin” as the default username. You have the option of choosing your own username during the installation process, but even so, many users still decide to stick with “admin”. Many hackers are aware that “admin” is the default username, so all they have to do is guess your password correctly and they’ll have entry to your site. By changing your username from “admin” you’ll make it harder for a hacker to gain access to your site. If you’ve already installed WordPress and chose “admin” as your username, you can download a username changer plugin to change your username.
Limit login attempts
To limit login attempts, download a plugin like Login Lockdown. This plugin records the IP address of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. You can choose the number of failed login attempts allowed before it locks out, and you can choose the lockout length as well. You can also manually unban any users, such as actual admins who tried logging in but failed and got locked out as a result.
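The lockout rule described above, written out in Python as an added example; it is not Login Lockdown's own code. The reading of "IP range" as an IPv4 /24, the thresholds (3 failures, 5-minute window, 1-hour lockout) and all class and function names are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque

class LoginLockdown:
    """Lock out an IP range after too many failed logins in a short window."""
    def __init__(self, max_failures=3, window=300, lockout=3600, prefix=24):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds a range stays locked out
        self.prefix = prefix                # assumption: "IP range" means an IPv4 /24
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time the lockout expires

    def _range(self, ip):
        return ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)
    def is_locked(self, ip, now):
        return self.locked_until.get(self._range(ip), 0) > now

    def record_failure(self, ip, now):      # returns True if the range is now locked
        net = self._range(ip)
        recent = self.failures[net]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) > self.max_failures: # "more than a certain number"
            self.locked_until[net] = now + self.lockout
            recent.clear()
        return self.is_locked(ip, now)

    def unban(self, ip):                    # manual release for a locked-out admin
        self.locked_until.pop(self._range(ip), None)
        self.failures.pop(self._range(ip), None)

def replay(events, guard):
    decisions = []                          # one decision per login event
    for now, ip, success in events:
        if guard.is_locked(ip, now):
            decisions.append("blocked")     # login disabled for the whole range
        elif success:
            decisions.append("ok")
        else:
            guard.record_failure(ip, now)
            decisions.append("failed")
    return decisions

# Constructed sample events: (seconds, source IP, password was correct)
EVENTS = [(0, "203.0.113.5", False), (10, "203.0.113.9", False),
          (20, "203.0.113.5", False), (30, "203.0.113.7", False),
          (40, "203.0.113.7", True), (50, "198.51.100.2", True),
          (4000, "203.0.113.5", True)]
```

Replaying `EVENTS` shows the trade-off the paragraph mentions: the correct password at second 40 is still refused because a neighbouring address in the same range triggered the lockout, which is why the manual unban exists.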
Hide your login page
Just as hackers know that “admin” is the default username, they’ll also know that the default login page is “yoursitename.com/wp-admin” or “yoursitename.com/wp-login.php”. You can change the location of your login page by downloading a plugin like WPS Hide Login. You can change your URL to anything you’d like, for example “yoursitename.com/jackandjill”; this would be the new login URL you would go to in order to log in to your WordPress.
Use strong passwords
Believe it or not, users are still using easy-to-guess passwords like “password” or “123456”. These passwords are so easy to guess that you’re practically welcoming a hacker into your site if you go with an easy password like those. This article shows the top 100 most commonly used passwords. If your current password is on that list, you should probably be thinking about changing it to a stronger password. To change your password to something stronger, click on the “edit my profile” button. From there, you can use the password generator to generate a new, stronger password with lots of characters and numbers to make it even harder to guess.
Use a two-factor authentication plugin for two means of identification when logging in. The Clef plugin provides passwordless two-factor authentication that is highly secure and easy to use. You can authenticate using your mobile phone.
I highly recommend FastWebHost as a good and secure WordPress hosting provider.