6 Tips to Secure WordPress from Hackers
20% of all new active websites are now using WordPress as their content management system, and along with this huge increase in WordPress users is a greater increase in websites being hacked. In fact, because this CMS is so popular, more hackers are targeting it and looking for vulnerabilities within the software.
Here are some tips for keeping your WordPress blog safe and secure. Follow these tips so you can keep your focus on blogging and not have to worry about being hacked. After all, you did not start a blog so that you would have to spend every waking minute keeping yourself protected from hackers.
Tip #1: Keep your WordPress installation current
The good people who created WordPress and keep it running smoothly don’t just update the software to keep annoying you. In almost every update there is a security update as well. The most vulnerable blogs are the ones with oldest versions of WordPress. It might be annoying to keep up with all these updates if you own multiple blogs, but it’s even more annoying to try to get your site back after it’s been hacked. So why don’t they just take care of all the security threats with one update? Well, unfortunately hackers are very good at finding vulnerabilities and flaws in any CMS, and since WordPress is the most popular CMS of all, they spend most of their time looking for these blogs that have old versions of the software. Keeping your site up to date is the single most important thing you can do to keep everything hacker free.
Tip #2: Make sure your login is encrypted
Even if you have the most complicated password in the world a hacker can sniff it out with simple browser plugin or extension if you are logging in using public Wi-Fi. Anytime you are accessing your WordPress blog in a public place, whether it’s a hotel, airport, or local coffee shop, make sure your login is encrypted. By default, the CMS does not use encrypted logins, but fortunately in the vast array of plugins there is one that can help solve this problem. The Chap Secure Login plugin is a simple tool which does not encrypt your username, but it does hide your password behind random numbers and will be enough to keep any hacker from seeing your login information. Don’t leave home without this one.
Tip #3: Get rid of any WordPress footprints
Since hackers are targeting WordPress blogs specifically, you will want your blog to hide under the radar. There are certain footprints that make these blogs easy to find, so by getting rid of these clues you can blend in with the rest of the internet and avoid detection by would-be-hackers. The most obvious footprint to get rid of is the “Powered by WordPress” tag in the footer. There are other footprints you can get rid of with a simple security plugin, but most hackers are lazy and will use the most obvious ways of finding these blogs first. Some people suggest hiding common footprints like the “wp-login” extensions and “wp-content” as well, but most of these issues can be solved by using the Bullet Proof Security plugin.
Tip #4: Avoid plugins that are not in the official WordPress directory
This does not mean that any plugin outside the WordPress directory have viruses or bugs, but at least you know that all of the plugins in the official directory have been scanned for viruses and have been found clean. Once in a while a bad plugin is found, but it’s usually rooted out pretty quickly by the community. If you don’t understand and can’t read PHP then you should definitely stay away from independent plugins, since you will not be able to see for yourself if it will cause harm to your blog.
Tip #5: Don’t Allow Brute Force Attacks
A brute force attack is when a hacker utilizes a program to try every possible password combination to hack into your blog. Not only is this a huge intrusion but it also eats up a lot of bandwidth too. You can put a stop to these kind of attacks with a plugin called Login Lockdown. It will record the IP address of anyone who types in the wrong password, and after so many attempts will lock them out so they cannot even attempt another password combination. This is the kind of plugin you hope you will never have to use, but it’s nice to have around.
Tip #6: Backup, backup, backup…
This one should really not be last but maybe it will stick in your head better if it is. By backing up your WordPress site you are ensuring that even if you do somehow get hacked, at least you can get your entire blog back with no problems. There are several plugins that can do this for you if you don’t want to do it manually, including one of the most popular, Backup Buddy. And not only will backing up your WordPress site help protect you from hackers, it will also help you in case something else happens to your blog and everything crashes without notice. A constant regiment of backups will help you sleep better at night.
John Phillips writes about ID theft protection services and helps consumers find the right service to guard their identities, including Lifelock reviews and other companies.