Protect Your WordPress Site From Hackers
1. Delete the username “admin”
The default username when creating a WordPress site is “admin.” Most people keep this username. This makes it dead easy for hackers to guess your username. Then they are already half logged in to your site.
So delete any account with the username “admin.”
Note: if the account with username “admin” is the only user that currently has Administrator-level access, you won’t be able to delete it until you first create and log in with a different Administrator-level account. WordPress needs to ensure that there is some way to access Administrator functions for your site.
2. Strengthen Your Password
Hackers use software to instantaneously test every word in Wikipedia against your password. So anything that is a real word or name in any language should not be used. Any logical or significant number sequence should not be used.
That means don’t use your pet’s name, your kid’s birthday, or anything else that vaguely makes sense.
The best passwords include a random arrangement of uppercase and lowercase letters, as well as numbers and symbols. In other words, they should be gibberish.
You can use a password generator to help you do this – just make sure to save your passwords in a secure place.
So go now and change your website login password to something really incomprehensible. Ask other users to do the same.
3. Delete and Update
WordPress has a bit of a bad rap for being “insecure.” In fact, a WordPress site only becomes insecure when you fail to keep it up to date. Any part of your site that is not updated to its latest version presents a security risk. Hackers find vulnerabilities in sites through outdated files, themes and plugins.
So go now and make sure that you are updated to:
- The latest version of WordPress
- The latest version of all installed plugins
- The latest version of all installed themes
4. Limit Login Attempts
At illuminea, we install a plugin like this on all our clients’ WordPress sites: the Limit Login Attempts plugin. It’s really a clever little thing-a-ma-jig.
One of the common ways that hackers attempt to gain access to a site is by using software that bombards the login page with an infinite number of username and password combinations, until they strike gold. And if you are not following steps 1 and 2, they will strike gold pretty fast. This was how the Brute Force attacks were so successful in destroying many WordPress sites in 2013.
That’s the beauty of this plugin: it limits the number of times that anyone can attempt to log in to your site within one single hour to some reasonable human number, like five.
If you are the forgetful type, set it to 10.
So off you go to search for and install the “Limit Login Attempts” plugin on your site.
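To see which visitors such a limit would have locked out, the Python script below applies the same rule (five login attempts per hour, per IP address) to a web server access log. It is an added example, not code from the Limit Login Attempts plugin or from this article; the log lines are constructed samples, and the function names and the combined log format are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ip, hhmmss, method="POST", path="/wp-login.php"):
    # Builds one constructed access-log line (combined log format, documentation IPs).
    return f'{ip} - - [12/Mar/2024:{hhmmss} +0000] "{method} {path} HTTP/1.1" 200 4120'

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"10:00:{s:02d}") for s in range(8)]         # 8 attempts in 8 seconds
    + [_line("198.51.100.4", f"{h:02d}:15:00") for h in range(9, 16)]  # 7 attempts, one per hour
    + [_line("198.51.100.9", "10:05:00", "GET")]                       # page view, not an attempt
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def login_attempts(log_text):
    """Yield (ip, timestamp) for every POST to wp-login.php; skip unparsable lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, stamp, method, path = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            yield ip, datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")

def over_limit(log_text, limit=5, window=timedelta(hours=1)):
    """Return {ip: time of the first attempt that exceeded `limit` within `window`}."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the rolling window
    flagged = {}
    for ip, ts in sorted(login_attempts(log_text), key=lambda a: a[1]):
        q = recent[ip]
        while q and ts - q[0] >= window:   # drop attempts older than the window
            q.popleft()
        q.append(ts)
        if len(q) > limit and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in over_limit(SAMPLE_LOG).items():
        print(f"{ip} exceeded 5 login attempts in an hour at {ts:%H:%M:%S}")
```

Pass `limit=10` to check the more forgiving setting mentioned above.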