Thanks to its huge community of developers who create thousands of themes and plugins, a website using the WordPress CMS is very flexible. Unfortunately, this also creates many avenues of exploitation for a skilled hacker. Try the following suggestions to harden your WordPress site against hackers:
Use A Strong Password And Avoid The Default Admin Username
Guessing your username and password is a very common method employed by hackers. It’s simple and direct, and only requires automated software that systematically tries password combinations until one finally produces a successful login. The longer and more complex your password, the more difficult it is to guess.
When setting your password, use the maximum number of characters allowed and use upper and lowercase letters as well as numbers and other characters. Your password should be a very long string of gibberish. Gone are the days when you could use your name spelled backwards or any kind of password that you can easily remember. You should also avoid using the default admin username because many people are too relaxed to bother changing it and hackers know this.
If your website is visible in the search engines and has been up for an appreciable length of time, the odds are good that this method is being used against your site.
There are security plugins available that limit the number of login attempts to a set maximum. These plugins also keep a log of the blocked attempts. Many people using such a plugin for the first time find the stats in this log very shocking. If nothing else convinces you to strengthen your password, viewing the number of login attempts made on your site will.
Use The Latest WordPress Version
A new WordPress version is often released to patch one or several security holes, so it’s prudent to keep your WordPress version up to date. After you log into WordPress, a message at the top of the dashboard alerts you to any new WordPress updates.
Use Themes And Plugins With Care And Keep Them Updated
Always use the latest versions of your theme and plugins, because the latest versions may include security patches. Be very careful about using free themes and plugins because some of these may have been created by a hacker. Using these is a calculated risk which can be minimized somewhat by doing careful research: check whether the theme or plugin has numerous users and a high rating score.
Make Frequent Backups
Make frequent backups of your website and database. While your hosting provider may do this, you should also make your own independent backups. There are a number of plugins that will do this for you.
If you have any questions about WordPress security or about content management systems in general, please don’t hesitate to contact us.