
Tips to Defend Your WordPress Website from Hackers


Many small- to medium-sized business owners rely on internal staff to maintain their WordPress website, even if it’s not their area of expertise. WordPress is often chosen for cost reasons, as the entry cost of website development can be lower with this system. One key consideration when using a large-scale platform, however, is hacking attempts. Because of the number of hacking attempts, it is important to take precautions to ensure your WordPress website is safe from attacks.

WordPress makes it so easy to manage site content that 26% of all websites in the world use it. With all those websites, it’s a hacker’s favorite target. If they can hack a WordPress site, they know they can get access to thousands of sites. In fact, according to Forbes, it’s estimated that 30,000 websites a day are hacked, largely to begin distributing malicious code or to attempt to access credit card information. With this potential, it’s in your business’s best interest to protect your site as well as you can and make the process extremely difficult for would-be hackers.

Here are a few ways to protect your WordPress site from unwanted hackers.

Tips for Keeping Your WordPress Site Safe

Create Strong Passwords

It is important to create passwords that aren’t easy to guess. Don’t use your name, your pet’s name or your birthday. There are several programs that can create passwords for you: Strong Password Generator, Passwords Generator, or Norton Password Generator, among others.

Older versions of WordPress always came with “admin” as the default manager area username. Many developers didn’t bother to change the default. This makes it easy for hackers, who only have to discover the password. Have your developer change your username in the WP database to something much more unique.

Change passwords frequently; some suggest changing passwords every 3-4 months. Passwords should be at least 8 characters long and made up of upper and lowercase letters, symbols and numbers. Frequently changing your password makes it difficult for hackers running a brute force attack on your site.

Keep all your passwords in a safe place, NOT on your computer. I use a password manager, LastPass, to keep all my passwords safe. LastPass works for mobile devices and desktops.

Update to the Latest Versions

Newer WordPress versions (3.7 and later) update automatically. If you need to manually update to the newest WordPress version, do it from within the WordPress site Manager area. Don’t download WordPress from any third-party website.

WordPress releases new versions as soon as vulnerabilities are discovered. Make sure to update to the newest version to combat the latest common security issues.

Limit Login Attempts

If you’ve forgotten your password or username, don’t attempt to log in incessantly. This can make the site vulnerable to brute force attacks.

Installing Login LockDown or Login Security Solution will limit login attempts, protecting the site from hackers.

Using .htaccess, you can block the IP addresses of those who fail to log in after a certain number of attempts.
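As an added example (not part of the original post), this Python sketch shows one way to turn the .htaccess tip into practice: it counts likely failed logins per IP address in a web server access log and prints the block rules to paste into .htaccess. It assumes Apache 2.4 with the "combined" log format, a threshold of 5 attempts, and that WordPress answers a failed login with status 200 and a successful one with 302; the log lines are constructed samples.

```python
import re
from collections import Counter

def _line(ip, method, path, status):
    # Builds one constructed log line in Apache "combined" format.
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 6     # repeated failures
    + [_line("198.51.100.4", "POST", "/wp-login.php", 200)] * 2  # a user mistyping...
    + [_line("198.51.100.4", "POST", "/wp-login.php", 302)]      # ...then logging in
    + [_line("192.0.2.10", "GET", "/wp-login.php", 200)] * 9     # page views only
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_logins(log_text):
    """Count likely failed logins per IP (heuristic: POST to wp-login.php -> 200)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if (m["method"] == "POST" and path.endswith("/wp-login.php")
                and m["status"] == "200"):
            counts[m["ip"]] += 1
    return counts

def offenders(counts, threshold=5, allowlist=()):
    """IPs at or over the threshold; allowlist your own address to avoid lockout."""
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allowlist)

def htaccess_block(ips):
    """Render Apache 2.4 rules that allow everyone except the listed IPs."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in ips]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    print(htaccess_block(offenders(failed_logins(SAMPLE_LOG))))
```
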

Security Options

Many hosting companies offer added security programs. Before deciding on a security plan, do your research to find out the best option, the cost and what each plan offers.

Back Up Your Site

Protect your WordPress site by backing it up. Should hackers take over your site, you can do a fresh install of your last backup without disastrous repercussions. There are backup plugins that can be added for a small fee that can make this process automatic and simple. I recommend UpdraftPlus.

Make sure that you don’t leave your WordPress site vulnerable to hackers and spammers. By using these few tips, you can increase your WordPress website security.

Need help to maintain your WordPress website? I can help.
