It is said that 25% of websites operating on the Internet are created with WordPress, so it should come as little surprise that hackers are constantly trying to exploit its weaknesses. Botnets (small programs that try to log into a website by plugging in common usernames and passwords) were created to hack into WordPress sites using brute force attacks. You would be shocked at how many attacks are taking place as you are reading this article. Their goal is to gain access to your site! Let’s make sure you are doing the simple things you can to protect your WordPress site. Here are five simple things you can do!
- Create unique admin usernames: During the WordPress installation, you are asked to create a username. It is important that you create something unique (other than your personal name or the word “admin”). It is best if you create a longer username and something with numbers in it. If you already have a username like admin, it is important to delete it and replace it with a new one. This is pretty easy to do. Log in to your dashboard, create a new user with a more difficult username and password, and give it admin privileges. After this has been done, log out of the old admin account and try to log in with the new account. Make sure it can do everything your other one did. Then go to the Users area and delete the old one. It will ask you what you want to do with the posts and pages associated with the old account. You don’t want to lose them, so just attribute them to the new account. Don’t forget to store the new username and password somewhere so you don’t forget you created it.
- Create strong passwords: Having a unique username is key, but don’t neglect the other part of your login. Choose a difficult password. Definitely avoid easy number combinations and words like “password,” but also try not to use the common examples listed here. Pick something that has upper and lower case letters, numbers, and special characters. It should also be at least eight characters to really lock down your account. I would suggest you think of a sentence that will help you remember this weird string of letters and numbers. For instance, for the password Md8tBpb!, you could remember the sentence “My dog 8 (ate) the Big paper bag!” If that doesn’t work, buy a password program or store them in a different location.
- Keep WordPress, Themes and Plugins updated: It is important that you always keep your WordPress, themes, and plugins updated to the newest version. New releases not only offer new features but also security patches.
- Install Security Plugins: There are a few main areas you need to address. I suggest that you find a plugin that limits the number of times that someone (make sure it is based on the IP address) can enter a bad username and login. This will help protect you from bot-type attacks. I also suggest that you find a plugin that secures your database and file permissions. There are a number of options out there, so do your research or click here to learn more about these security plugins.
- Prepare with Backups: It is always good for you to have a current backup downloaded to your computer. That way, if something happens, you can easily recreate your site from scratch. There are many different options out there. I personally recommend the Duplicator Plugin because it is comprehensive (complete site backup including images) and free!
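
To see what the per-IP login limit from the security plugins tip would catch on your own site, here is an added example (not from any plugin's code) that replays a web server access log and reports which IP addresses would have been locked out. The threshold of 5 failures in 300 seconds, the function names, and the log lines are assumptions made up for the illustration, as is the rule that a POST to /wp-login.php answered with status 200 is a failed login.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_login(m):
    # Assumption: WordPress shows the login form again (200) after a bad
    # login and redirects (302) after a good one.
    return (m["method"] == "POST" and m["status"] == "200"
            and m["path"].split("?")[0] == "/wp-login.php")

def find_lockouts(lines, max_failures=5, window_seconds=300):
    """Return {ip: datetime} for the moment each IP would be locked out."""
    recent = defaultdict(deque)   # ip -> times of its recent failed logins
    locked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not failed_login(m) or m["ip"] in locked:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        # Forget failures that are older than the sliding window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= max_failures:
            locked[m["ip"]] = ts
    return locked

def _line(ip, hhmmss, status):
    return (f'{ip} - - [12/Mar/2024:{hhmmss} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 1234 "-" "-"')

# Constructed sample log: a bot guessing every 10 seconds, a real user who
# mistypes once, and a slow guesser who tries once per hour.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}", 200) for s in range(0, 60, 10)]
    + [_line("198.51.100.20", "10:01:00", 200),
       _line("198.51.100.20", "10:01:20", 302)]
    + [_line("192.0.2.55", f"{h:02d}:30:00", 200) for h in range(11, 16)]
)

if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG).items():
        print(f"{ip} locked out at {when:%H:%M:%S}")
```

The once-per-hour guesser is never locked out, which is why the per-IP limit works best together with the unique username and strong password from the first two tips.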