WordPress is the world’s most-used content management system (CMS) and blogging software. It is user-friendly and makes maintaining your website a breeze. However, like all CMSs, its file and content structure can be broken into if it is not properly secured. Hackers often insert malware that can destroy your site or redirect visitors to another site (often an unsavory one). A site that has been hacked runs the risk of losing customers and readers, and of getting blacklisted by Google, ruining any SEO valuation you may have had. I’ve been told that taking steps to secure your site is like taking vitamins, but repairing a hacked site is like performing open heart surgery. It’s obvious that taking a few basic precautions can save you hours of your time and hundreds of dollars. Keep reading for four easy ways to improve your site’s security.
Regularly Update WordPress
One of the most powerful but often overlooked solutions for keeping WordPress safe from hackers is to make sure that your site software is regularly updated. WordPress releases contain updated security functions that will help your site stay safe amid the most recent hacking strategies. Update your plugins as well, and be sure to make a backup of your site before each update just in case.
One way in which hackers can break into your WordPress site is by using software that runs a script attempting to log in with obvious usernames and passwords. The best way to counteract this is to upgrade your password’s security. Avoid any words or names, especially anything related to your domain name or anything ‘easy to remember’. I would also recommend avoiding LEET-speak (substituting numbers and symbols for letters, where “Jimmy” = J1mm7 or “stone” = $t0n3).
For the most secure password, create a truly random string of at least 10 characters, including upper- and lower-case letters as well as a few numbers and symbols. Example: s&g4Ne)sPC. Keep this password in a safe place and copy and paste it when you need it. NEVER use the same password for your admin login as you are using for your cPanel login or database password.
For additional security, you can also change your admin username if it is currently set to “admin”, which is a default and thus will be the first name that hackers will try. Changing an established username requires phpMyAdmin. Contact your host company or web developer to complete this step for you if you are not familiar with the process.
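The password rules above can be checked mechanically. The following is an added example, not code from the original article: it generates a random password from the operating system's secure random source and flags candidates that break the article's rules, including words hidden behind LEET-speak. The symbol set, the extra substitutions "4", "@" and "5", the wordlist and the domain example.com are assumptions made for illustration.

```python
import secrets
import string

SYMBOLS = "!#$%&()*+-=?@^_"  # assumed symbol set, adjust to what your login accepts
# Leet substitutions: the first five come from the article's examples
# (J1mm7, $t0n3); "4", "@" and "5" are common extras added as an assumption.
DELEET = str.maketrans({"1": "i", "7": "y", "$": "s", "0": "o", "3": "e",
                        "4": "a", "@": "a", "5": "s"})

def missing_classes(pw):
    """Names of the character classes (lower, upper, digit, symbol) absent from pw."""
    checks = {"lower-case": str.islower, "upper-case": str.isupper,
              "digit": str.isdigit, "symbol": lambda c: not c.isalnum()}
    return [name for name, test in checks.items() if not any(test(c) for c in pw)]

def generate_password(length=12):
    """Random password from the OS CSPRNG containing all four character classes."""
    if length < 10:
        raise ValueError("the article's minimum is 10 characters")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_classes(pw):
            return pw

def weaknesses(pw, domain, wordlist):
    """Reasons pw fails the article's rules; an empty list means it passes."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    problems += ["no " + name for name in missing_classes(pw)]
    plain = pw.lower()
    deleeted = plain.translate(DELEET)     # undo leet substitutions
    site = domain.lower().split(".")[0]    # "example.com" -> "example"
    for word in sorted(set(wordlist) | {site}):
        if len(word) < 4:                  # very short words match by accident
            continue
        if word in plain:
            problems.append(f"contains the word '{word}'")
        elif word in deleeted:
            problems.append(f"contains '{word}' in leet-speak")
    return problems

if __name__ == "__main__":
    # Constructed inputs: example.com and the short wordlist are placeholders.
    words = ["jimmy", "stone"]
    for candidate in ("$t0n3", "Example#2024x", generate_password()):
        print(candidate, weaknesses(candidate, "example.com", words) or "ok")
```

In practice the wordlist would be a full dictionary plus the names tied to your site, rather than the two sample words used here.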
Install an Encrypted Login Plugin
You can install a plugin through the Dashboard to protect the login process on your site. Such a plugin would encrypt the process and require human interaction, which prevents a script from breaking through.
Chap Secure Login: this plugin uses the SHA-256 hash algorithm to protect your username and password.
Login Lockdown: this plugin blocks IPs that record repeated failed attempts to access your site (usually caused by a malware script).
RetinaPost: a CAPTCHA plugin that requires users to enter highlighted characters from a phrase rather than try to decipher screwed-up text images or do maths challenges. Particularly effective for use with the comments system.
Hide “Powered by WordPress”
You can make things tougher for hackers by not advertising the fact that your website is “Powered by WordPress”.
This phrase is found in the footer.php file and can be reached through the Dashboard by selecting Appearance > Editor. Different themes will require different methods for removing this text, so you should check with your developer to plan the best approach and avoid any coding errors.
BluErth Design stays abreast of WordPress core software and plugin updates, and security news regarding these updates. If you’d like to be notified when a new security update is released or when a common plugin presents security issues, please complete the form below. We will NOT share your information, and we will only notify you regarding WordPress security issues.