So you have a lovely new shiny WordPress website. Have you thought about how to keep it safe? Website hacking is a huge problem and one which is often overlooked by a lot of businesses. It's not just about hackers stealing information that's stored on your site; they can also use it to send spam emails, install malware or temporarily serve illegal files. This is why it is important to protect yourself and your site right now.
Hackers use special programmes to search the web, looking for the best websites to hack. Once you've been hacked, it can also be a long and sometimes costly process to sort out the problem. Like all things, prevention is better than cure, so how can you keep your WordPress website safe and reduce the risk of attack?
- Strong Password – It may sound obvious, but by choosing a strong password you cut your hack-ability risk substantially. It has been suggested that a lower case password takes just 10 minutes to crack, but if you add in some more letters, symbols and numbers the time taken extends to 44,000 years! Password generators can be a good way to find a password, and remember that you need to cover every aspect of your website, as well as every user. The default username 'admin' is another area of weakness, so make sure that you change it to something more unique as another barrier.
- Where Can People See Your Username – Does your username appear on the author archive pages of your site? This is a clever way for a potential hacker to find out your username. By default, WordPress will show your username in the URL of your author archive page – it will look something like this: http://yoursite.com/author/yourusername. You can change this in your database by changing the user_nicename entry.
- Stay Updated – WordPress work hard to keep their sites secure and safe and often release updates to address new ways that their sites are coming under attack. Hackers will often specifically look for WordPress sites running outdated versions, as they are much more vulnerable. When updates are available, make sure that you apply them promptly to keep your site as safe as possible. This applies not just to new versions of WordPress but also to themes and plug-ins.
- Use Secure Hosting – When you're looking for a host for your website, make sure that you do your research. Don't go by price alone; check whether they are a reputable company and, if possible, go with recommendations. You may end up paying a little bit more, but the peace of mind and security that this gives you will be worth it.
- Security Plug-Ins – There are many WordPress security plug-ins available which can add an extra line of defence for your site. Have a look at what is out there. Here are some of the most popular:
  - WP DB BackUp – this allows you to back up your core WordPress databases quickly. If you get into the habit of backing up regularly, you will have recent data to restore if you do happen to lose any information.
  - WP Security Scan – this will regularly scan your website for potential security risks and then help to get rid of them.
  - Log In Lockdown – once you have specified the number of log-in attempts that you are willing to allow, this will lock out anyone from the same IP address who exceeds it. Although hackers will try from different IP addresses, this is another line of defence.
  - Ask Apache Password Protect – adds additional layers of security to stop hackers getting access to your admin panel.
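
The user_nicename change described under "Where Can People See Your Username" above, written out as SQL. This is an added example, not part of the original article; it assumes a MySQL database with the default `wp_` table prefix, and the user ID `1` and the slug `site-editor` are constructed placeholders.

```sql
-- Added example: stop the author archive URL from revealing a login name.
-- Assumptions: default table prefix "wp_"; ID 1 and 'site-editor' are
-- constructed placeholders. Take a database backup before running this.

-- 1. Find accounts whose author-archive slug is identical to the login name.
--    These are the accounts exposed at /author/<login name>.
SELECT ID, user_login, user_nicename
FROM wp_users
WHERE user_nicename = user_login;

-- 2. Confirm the replacement slug is not already used by another account.
--    Expect clashes = 0; choose a different slug otherwise.
SELECT COUNT(*) AS clashes
FROM wp_users
WHERE user_nicename = 'site-editor';

-- 3. Change the slug for one account. Keep to lowercase letters, digits
--    and hyphens, and select the row by ID so that no other account is
--    touched. user_login itself is left unchanged.
START TRANSACTION;

UPDATE wp_users
SET user_nicename = 'site-editor'
WHERE ID = 1
  AND user_nicename = user_login;

-- 4. Check the result before committing; issue ROLLBACK instead of COMMIT
--    if the row does not look right.
SELECT ID, user_nicename
FROM wp_users
WHERE ID = 1;

COMMIT;
```

After the change, the author archive for that account is served at http://yoursite.com/author/site-editor, while the account still logs in with its original username.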
The security of your WordPress site should be your number one priority. Whilst the majority of your security measures can and should be set up when you are first creating your site, there are a few things which should be regularly updated. By following these steps you will massively cut the risk of being hacked.
Head of Marketing
The Internet Marketing Academy