WordPress is the blogging platform of choice at the moment and looks set to keep that title in the future too. But as with anything that gains popularity, it becomes a bigger target for attack than less well-known blogging platforms. With WordPress you need to take your security seriously from the start or risk losing your business and all the hard work that went into it.
Here’s a random fact to make you sit up and pay attention – there are several hundred thousand attempted WordPress hacks every single day. And a lot of them are successful because people don’t know how to protect their blog from even the most basic of hacks.
So here are a few tips to make sure your WordPress blog is as secure as it can be:
1. Beef Up Your Password
People keep their passwords as simple as possible so they don’t forget them. The problem with this strategy is that these same passwords are probably just as easy for a hacker to either guess or bust wide open with a brute force hack.
Your passwords should be a mixture of numbers and letters (alphanumeric) and extra characters, but not just the old style of password like “password55”, for example. Instead, a more secure password would be “!pa55w0rd?*” – the fact that there are numeric values in the middle of the password and extra characters included is going to make it far more secure.
The main things not to do are:
- Don’t use your SSN as your password.
- Don’t use your birthday or any other obvious personal information as your password.
- Never write your passwords down (yes some people still do this).
- Never share your password with anyone else.
2. No Default Usernames
Don’t use, or be tempted to use, the default username of “admin” for your WordPress blog. A brute force hack will find this in seconds and after that it’s just a matter of cracking your password. If you haven’t taken the time to change the default username you probably haven’t bothered to create a particularly secure password either. Using a default username for WordPress is just painting a bullseye on your blog.
3. Keep WordPress Updated
WordPress is updated on a regular basis to remove security holes in the software. The team at WordPress have made it very easy to do this and have placed the update notification right in front of you on your WordPress dashboard. It takes a few seconds to run the update and your blog is then more secure than it was before – these updates aren’t something you should ignore.
Every WordPress blog owner should be using this – it’s a really useful plugin that looks at the IP address and timestamp for every failed login attempt on your blog. After a certain number of failed login attempts, you’ll no longer be able to log in to WordPress from that IP address, which is a very neat way of discouraging any brute force attacks. Administrators can unban the IP range through the admin panel.
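The lockout behaviour described above, modelled as an added example (this is not the plugin's own code). The thresholds, the class and function names, and keying on a single IP address are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

class LoginLockout:
    """Per-IP lockout over a sliding window; all thresholds are assumed values."""
    def __init__(self, max_failures=3, window=300, lockout=3600):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds over which failures count
        self.lockout = lockout              # seconds a ban lasts
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> time the ban expires

    def is_blocked(self, ip, now):
        # An expired ban compares as not blocked, so no cleanup pass is needed.
        return self.banned_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Store one failed login; return True once the IP is banned."""
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.lockout
            recent.clear()
            return True
        return False

    def unban(self, ip):
        """Administrator override, like the unban in the admin panel."""
        self.banned_until.pop(ip, None)
        self.failures.pop(ip, None)

def replay(events, guard):
    """Run (time, ip, password_ok) login events through the guard."""
    outcomes = []
    for now, ip, password_ok in events:
        if guard.is_blocked(ip, now):
            outcomes.append("blocked")      # rejected even if the password is right
        elif password_ok:
            outcomes.append("ok")
        else:
            guard.record_failure(ip, now)
            outcomes.append("failed")
    return outcomes

# Constructed events using documentation-range IPs: (seconds, ip, password_ok)
SAMPLE = [(0, "203.0.113.7", False), (10, "203.0.113.7", False),
          (20, "198.51.100.4", False), (25, "203.0.113.7", False),
          (30, "203.0.113.7", True), (40, "198.51.100.4", True),
          (4000, "203.0.113.7", True)]
if __name__ == "__main__":
    print(replay(SAMPLE, LoginLockout()))
```

The fifth event shows why the ban matters: once the address is locked out, even a correct password is refused until the ban expires or an administrator lifts it.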
5. WP Firewall
As the name suggests, this is a plugin that acts like a firewall for WordPress – it looks at any suspicious incoming traffic and can detect the most obvious hacking attempts and block them. This isn’t a substitute for keeping your software updated on a regular basis, but it will help keep your blog far more secure than it was before you installed this plugin.
As you can see, most of the WordPress security measures you need to take to protect your blog are common sense rather than some new super plugin that takes care of all the thinking for you. Until AI takes over, the human brain is still the most complex piece of “machinery” on the planet, so use it to your advantage and take care of the obvious things like usernames, passwords and updates on your WordPress blog.
This guest post is written by Lior Levin, a marketing consultant for a web hosting company that details the top 10 website hosting companies that are available online. Lior also consults for a start up company that specializes in a to-do list tool for businesses and individuals.