Internet marketers love using WordPress web sites. There are a huge number of themes already designed to allow you to sell your goods and services or monetise your blog from ads or sponsorships. You can customise and update your site without needing to know any programming whatsoever. You can easily find plug-ins to perform any function you desire, from including a customer forum to integrating with a shopping cart. However, the flip side of this popularity and common underlying structure means that the sites are vulnerable to hackers in a way that individually developed sites are not. The following tips will make your site more difficult to hack, so hackers are more likely to look elsewhere.
Tip #1: Rename the admin account
In order to hack a site, hackers need to know both a userid and a password. If they can guess the userid, they can use brute force to find the password. The obvious guess for a userid is “admin”, the default userid that comes with a WordPress installation. To fix this, from your dashboard, select Users and add a new administrative user. Log off, log back in as the new user, and delete the admin userid. If you like having your posts labelled as from admin, you can change the display name of your new userid to admin.
Tip #2: Use a difficult password
As mentioned under the previous tip, the userid is only half of the information needed by hackers. The other half is the password. If you use a simple password, such as 1234567, or a word that can be found in the dictionary, their automated programs can easily discover it. Similarly, the password should not be anything that someone can guess based on your social media posts. For example, if you talk about your dog a lot, don’t use your dog’s name as your password.
Tip #3: Limit logon attempts
One of the best ways to prevent someone from guessing your password using the brute force method is to limit the number of logon attempts before the account is locked. The plugin to accomplish this is called Limit Login Attempts. To install it, from your dashboard, select Plugins, and search for Limit Login Attempts. Click on Install, and once it has been installed, click on Activate.
Tip #4: Don’t advertise that it is a WordPress site
Get rid of the “Powered by WordPress” usually found in the footer of the site, as well as the Meta links to log on to the site. This will remove the visual signals that the site can be hacked as a WordPress site, preventing casual hacking, although the underlying WordPress structure will still show up if hackers are crawling your site with robots.
Tip #5: Stay current
All of your plugins as well as the theme you use and the WordPress software itself are frequently updated when security violations become known. WordPress notifies you of updates automatically every time you log in, which can be installed with a single click. Remember to back up your files prior to updating.
The Internet Marketing Academy