Over the last few weeks there has been a large-scale brute-force attack on sites powered by WordPress: automated scripts hammering the login page with password guesses for the default ‘admin’ account.
Here are a few easy steps to secure WordPress.
1. Change the default Admin user
A fresh WordPress install offers ‘admin’ as the username for the first administrator account, and that account gets user ID 1. Attackers know both: brute-force tools try the username ‘admin’ first, and the user ID can be confirmed from author URLs (`/?author=1` redirects to the account’s author page). Either create a new administrator with a different username, log in as that user and delete ‘admin’ (attributing its posts to the new account), or install the Better WP Security plugin and use its feature to rename the ‘admin’ user and move it off user ID 1.
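Here is the same change done by hand, as an added example that is not from the original post or from the Better WP Security plugin. It runs the SQL you would execute against the WordPress database, but against an in-memory SQLite copy with a simplified, constructed schema so it can be tried offline. The `wp_` table prefix, the new username `site_owner` and the new ID 4081 are assumptions; take a database backup before running anything like this against a live site.

```python
import sqlite3

# Assumed values: pick your own username and a high, non-sequential ID.
NEW_LOGIN = "site_owner"
NEW_ID = 4081

# Constructed, simplified versions of the four WordPress tables that reference
# a user. The real schemas have more columns; the columns used here are real.
SCHEMA = """
CREATE TABLE wp_users (
    ID INTEGER PRIMARY KEY, user_login TEXT UNIQUE, user_pass TEXT,
    user_nicename TEXT, display_name TEXT);
CREATE TABLE wp_usermeta (
    umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_author INTEGER, post_title TEXT);
CREATE TABLE wp_comments (comment_ID INTEGER PRIMARY KEY, user_id INTEGER, comment_content TEXT);
"""

# Constructed sample: the default-install state, one post and one comment by 'admin'.
SAMPLE_DATA = """
INSERT INTO wp_users VALUES (1, 'admin', 'HASH_PLACEHOLDER', 'admin', 'admin');
INSERT INTO wp_usermeta VALUES (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
INSERT INTO wp_usermeta VALUES (2, 1, 'wp_user_level', '10');
INSERT INTO wp_posts VALUES (1, 1, 'Hello world!');
INSERT INTO wp_comments VALUES (1, 1, 'Welcome to WordPress');
"""


def fresh_db():
    """In-memory database in the default-install state."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE_DATA)
    return conn


def move_admin(conn, new_login=NEW_LOGIN, new_id=NEW_ID):
    """Rename user ID 1 and re-key it to new_id, carrying every reference along.

    The same UPDATE statements work on MySQL (adjust the wp_ prefix if yours
    differs). user_nicename is changed too because it is exposed in author URLs.
    """
    cur = conn.cursor()
    if cur.execute("SELECT 1 FROM wp_users WHERE ID = ? OR user_login = ?",
                   (new_id, new_login)).fetchone():
        raise ValueError("target user ID or login is already taken")
    if cur.execute("SELECT 1 FROM wp_users WHERE ID = 1").fetchone() is None:
        raise ValueError("no user with ID 1; nothing to move")
    cur.execute("UPDATE wp_users SET ID = ?, user_login = ?, user_nicename = ? WHERE ID = 1",
                (new_id, new_login, new_login))
    # Every table that points at the old ID must follow, or posts and
    # capabilities become orphaned and the account loses its admin role.
    cur.execute("UPDATE wp_usermeta SET user_id = ? WHERE user_id = 1", (new_id,))
    cur.execute("UPDATE wp_posts SET post_author = ? WHERE post_author = 1", (new_id,))
    cur.execute("UPDATE wp_comments SET user_id = ? WHERE user_id = 1", (new_id,))
    conn.commit()


def dangling_references(conn):
    """Number of rows that still point at user ID 1 after the move; must be 0."""
    n = 0
    for table, col in (("wp_usermeta", "user_id"),
                       ("wp_posts", "post_author"),
                       ("wp_comments", "user_id")):
        n += conn.execute(f"SELECT COUNT(*) FROM {table} WHERE {col} = 1").fetchone()[0]
    return n


def user_row(conn, user_id):
    """(ID, user_login) for a user, or None if no such user exists."""
    return conn.execute("SELECT ID, user_login FROM wp_users WHERE ID = ?",
                        (user_id,)).fetchone()


if __name__ == "__main__":
    db = fresh_db()
    move_admin(db)
    print(user_row(db, 1), user_row(db, NEW_ID), dangling_references(db))
```

After the move, `/?author=1` on the live site should return a 404 instead of redirecting to an author page, and the administrator should still be able to log in with the new username; check both before closing the session you ran the change from.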
2. Use a strong password
This is very important. A strong password mixes uppercase and lowercase letters, digits and symbols, is at least 12 characters long, and is not reused on any other site. If you find it hard to remember passwords, use a password manager. There are many of them; LastPass is a browser add-on that saves a lot of time and genuinely makes you and your sites more secure. It is free and is available on several platforms, both desktop and mobile. Change your password now!
3. Always keep WordPress Core Files and your Plugins Updated
This cannot be stressed enough! Keeping WordPress updated helps you stay ahead of attackers and the vulnerabilities they discover in WordPress, since updates close the holes that automated attacks go looking for. The WordPress core team is always working to keep the software ahead of the curve, so make sure you update regularly. This extends to your plugins and themes as well; delete the ones you no longer use, because an inactive plugin can still be attacked if its files remain on the server.
4. Make Regular Backups of your WordPress Site
Having backups of your site helps you recover if your site goes down or is compromised. With a backup at hand you can get back online quickly. Back up both the database and the files (wp-content and wp-config.php), keep a copy somewhere other than the web server, and test that a restore actually works. You can also take a manual backup via your cPanel.
5. Use WordPress Security Plugins
WordPress by itself is quite secure, but you can still extend its protection with some very useful plugins. On all my WordPress sites I use the BulletProof Security and Limit Login Attempts plugins. BulletProof Security hardens the wp-admin folder by writing a .htaccess file to the root of /wp-admin, while Limit Login Attempts locks out an IP address after three failed login attempts (you can change this number in the plugin’s settings).
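Here is the logic behind that kind of lockout, as an added example written for this page rather than code from the original post or from the Limit Login Attempts plugin. It parses constructed Apache access-log lines and blocks an address after three failed POSTs to wp-login.php. The 10-minute failure window and 20-minute lockout are assumed values; the rule that a 200 response to the POST is a failed login and a 302 a successful one reflects WordPress re-rendering the form on failure and redirecting to wp-admin on success.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILURES = 3                  # the post's setting: lock out after three failures
WINDOW = timedelta(minutes=10)    # assumed: failures older than this are forgotten
LOCKOUT = timedelta(minutes=20)   # assumed: how long a locked-out address stays blocked

# Apache Common Log Format: client, identd, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_ts(text):
    """Parse an Apache timestamp such as 12/Apr/2013:10:00:01 +0000."""
    return datetime.strptime(text, "%d/%b/%Y:%H:%M:%S %z")


class LoginLimiter:
    """Per-IP failed-login counter with a sliding window and a fixed lockout."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW, lockout=LOCKOUT):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(list)   # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> time the lockout expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        return until is not None and now < until

    def record(self, ip, now, success):
        """Feed one login attempt; return 'allow', 'locked' or 'blocked'."""
        if self.is_blocked(ip, now):
            return "blocked"              # arrived while the address was locked out
        if success:
            self.failures.pop(ip, None)   # a real login clears the failure history
            return "allow"
        recent = [t for t in self.failures[ip] if now - t <= self.window] + [now]
        self.failures[ip] = recent
        if len(recent) >= self.max_failures:
            self.blocked_until[ip] = now + self.lockout
            self.failures.pop(ip, None)
            return "locked"               # this attempt tripped the limit
        return "allow"


def process_log(lines, limiter=None):
    """Run every wp-login.php POST in the log through the limiter.

    Returns a list of (ip, decision) in log order; non-login requests are skipped.
    """
    limiter = limiter or LoginLimiter()
    decisions = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST" or not m.group("path").startswith("/wp-login.php"):
            continue
        now = parse_ts(m.group("ts"))
        success = m.group("status") == "302"
        decisions.append((m.group("ip"), limiter.record(m.group("ip"), now, success)))
    return decisions


# Constructed sample log: one attacker guessing passwords, one legitimate login.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3452
203.0.113.7 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3452
198.51.100.9 - - [12/Apr/2013:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2790
203.0.113.7 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3452
203.0.113.7 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3452
198.51.100.9 - - [12/Apr/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Apr/2013:10:31:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3452
""".splitlines()


if __name__ == "__main__":
    for ip, decision in process_log(SAMPLE_LOG):
        print(ip, decision)
```

Two caveats when applying this for real: behind a reverse proxy or CDN the client address is in the X-Forwarded-For header rather than the first log field, and a distributed attack spreads its guesses across many addresses, so a per-IP limit is one layer alongside the non-default username and strong password from steps 1 and 2.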
6. Use the 5G .htaccess Blacklist from Jeff Starr
This is a set of .htaccess rules, published on Jeff Starr’s Perishable Press, that blocks requests carrying known-bad query strings, user agents, request strings and referrers, plus a short list of bad IP addresses. Add its rules to the .htaccess in your WordPress root, above the # BEGIN WordPress block, rather than replacing the file: WordPress needs its own rewrite rules there for permalinks to work. Blocked requests are refused with a 403, so the attempts show up in your access log. You should check it out.
7. Use a Good Webhost
I wonder what could have happened if my site had not been hosted on a strong server that could withstand the attack. You should make sure that your site is hosted on a secure and robust web server. This site is currently hosted on Arvixe Webhosting and I am not complaining.
There are many other things you could do to protect your WordPress site from brute-force attacks and other hacks, but the tips above are the ones I have implemented on my sites. The WordPress Codex has a good article on brute-force attacks, and there is another on the Sucuri blog, if you need more information on how to protect your WordPress site.
Please share this article with your friends to alert them on the current security risk so that they too can protect themselves.
Do you have any other tips you use to protect your wordpress site? Please feel free to share with us in the comments.
Give us a call and we can help you Secure your WordPress website today.
Thank you for providing good information to fellow WordPress users. There is a lot of ‘noise’ out there. Thanks!