WordPress is the go-to software for millions of websites around the world.
Its developer-friendly system makes it easy for almost anyone to do almost anything, and that is a big reason for its popularity. However, WordPress’s popularity is also what makes many WordPress-driven sites attractive to hackers.
Because of the way WordPress is set up, getting invaded by a hacker could be a simple matter of forgetting to change your default admin configuration. If you don’t change the configuration, then anyone can get to your admin page simply by typing in “.com/wp-admin,” and then cracking the password.
Here are some precautions that you should take to protect your WordPress pages.
Take Care of Yourself First
Not all attacks will come straight to your WordPress site; some could come through the computer you use to build and administer the site. On today’s internet, you don’t just have to worry about viruses; you also need to worry about people accessing your data through public Wi-Fi or even on your home network.
Thanks to the high demand for internet protection, you can find several packages, in a wide range of prices, from multiple providers. You may even have access to a free or discounted internet security suite from your internet service provider.
When looking for an internet security suite, you should first look for an established name with reliable reviews. For example, internet security suites from Trendmicro.com, Norton, and BitDefender consistently get high scores from PC World and Top Ten Reviews.
While price can determine which product you can afford, you should avoid going on price alone. A free product isn’t much help if it can’t give you the protection you need. It’s better to find a good product and then search for discounts from the manufacturer, or from reputable sites like Amazon.
Once you have taken care of the security on your computer, here are some other options for protection.
Change the Admin User
Instead of using the default admin account, create a new user, under a new name, with admin permission. Once you have done that, delete the old admin account and use the new admin account.
If you have already installed the website under the “admin” username, you can still change it to make it less visible to hackers by using phpMyAdmin.
Limit the Number of Login Attempts
Hackers don’t have to know your password to get in; they just have to use brute force techniques like running a program to make multiple login attempts until it finally gets it right. In some cases, that could be a matter of minutes.
By using the plugin called Limit Login Attempts, you can stop someone from attempting multiple logins, and even ban their IP for several hours.
Use Difficult Passwords
One of the first things we learn about passwords is that they should be unique, but easy to remember. Unfortunately, easy often takes precedence over unique, and we end up with a bunch of passwords with family names, birthdays and anniversaries, and multiple variations on “Password.”
Security experts recommend creating passwords that look like random strings, which are highly effective, but also very, very hard to remember.
A good middle ground would be to use a phrase that makes sense to you, but might sound like nonsense to someone else. For example, the phrase “16Sod!umDk” seems like gibberish, but you know that it’s a play on the Batman theme song:
• “Na” is the periodic table symbol for sodium;
• There are 16 Nas in the song;
• Dk stands for Dark Knight – the other name for Batman.
Back Up Early, and Often
Backing up won’t prevent a hacker from getting in, but it will make it a lot easier for you to restore your site if someone gets in and wreaks havoc – like when hackers redesigned the Westboro Baptist website. While things like that can be funny when they happen to someone you don’t like, it can be a nightmare if it happens to you and you don’t have a recent backup.
On average, you should back up your website at least once a week. You can buy a WordPress plugin, like BackupBuddy, or use a reputable free product to do the job.