WordPress is an excellent application used the world over. Unfortunately, this also makes it a target for hackers. There are some very simple, completely non-technical steps you can take to help secure your WordPress blog.
1. First things first. Eliminate all known vulnerabilities. Now.
Update your WordPress installation to the latest version. This is the absolute most important and most effective first step. Do it now.
2. Don’t make your WordPress blog so easy to target
Install WordPress in a folder rather than the document root. This makes it slightly more difficult for large-scale hackers to find your system files. There are so many root installations of WordPress to keep hackers busy that the effort of finding subfolders is not usually worth the return.
3. Do not delete the admin account. Yes, you read it correctly.
So we need to secure admin. Do this by creating a new administrative user, then downgrading the admin account to subscriber. This will make it impossible for a hacker to administer your site using admin. Because the admin account is not deleted, the hacker is kept busy trying to guess its password, and the focus stays away from the ‘real’ administrator account.
4. Control failed login attempts.
Lock the account after a number of failed attempts. This will render dictionary attacks on your account pointless for the hackers. Use a plugin such as Login LockDown to control failed login attempts.
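How a lockout blunts a dictionary run, as an added sketch that is not part of the original article and is not Login LockDown's code. The threshold, counting window and lockout duration are assumed values, and the login events are constructed samples.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3   # assumed threshold; the article only says "a number of"
WINDOW = 300       # assumed: seconds within which failures are counted together
LOCKOUT = 3600     # assumed: seconds the account stays locked

@dataclass
class LockoutTracker:
    failures: dict = field(default_factory=dict)      # user -> failure timestamps
    locked_until: dict = field(default_factory=dict)  # user -> unlock time

    def attempt(self, user, password_ok, now):
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        if now < self.locked_until.get(user, 0):
            return "locked"  # refused even when the password is correct
        if password_ok:
            self.failures.pop(user, None)  # a good login clears the count
            return "ok"
        # Keep only failures still inside the counting window, then add this one.
        recent = [t for t in self.failures.get(user, []) if now - t < WINDOW]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT
            self.failures.pop(user, None)
        return "failed"

def replay(events):
    """Run (time, user, password_ok) events through a fresh tracker."""
    tracker = LockoutTracker()
    return [tracker.attempt(user, ok, t) for t, user, ok in events]

# Constructed sample: one guess per second against "admin"; the fifth guess
# would have been the right password.
DICTIONARY_RUN = [(t, "admin", t == 4) for t in range(6)]
# Constructed sample: a legitimate user who mistypes twice, then logs in.
OWNER_TYPOS = [(0, "editor", False), (20, "editor", False), (45, "editor", True)]

if __name__ == "__main__":
    print(replay(DICTIONARY_RUN))
    print(replay(OWNER_TYPOS))
```

The guessing run gets three tries and is then refused for the lockout period, so the correct fifth guess never reaches the password check, while the user who mistypes twice still gets in.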
5. Implement easy everyday plugin security
Use some WordPress security plugins such as Stealth login, AskApache password protect and WP security scan.
6. If they get in – don’t let them take you out
Take regular backups. Should a hacker gain access, at least you don’t permanently lose your site. You will be able to restore, tighten up and continue. Don’t let them take you out!
7. Honestly, this is the step that is most often ignored
Have an absolutely ridiculously difficult to guess password. Have some numbers, uppercase and lowercase letters and maybe a punctuation mark or two. They’ll never guess it – maybe not even with a quantum computer.
Security is an ongoing job; it is never complete. There are other ways to further secure your blog, such as file permissions and .htaccess with IP restrictions, but these are a little more technical. So, be on the lookout for part 2.
We hope you enjoyed this article and found the information useful. Happy blogging!