Keeping your WordPress site secure

WordPress has revolutionized the internet and provided easy-to-use access to millions of users with limited development capabilities.  While it is perhaps one of the most useful tools out there, it is also one of the most vulnerable.  WordPress works with a coding language called PHP (Hypertext Preprocessor which allows for scripts to be integrated into the site’s pages and executed on the server to generate HTML content.  This means the code is more concise and easier for developers to work with, and allows for that neat Dashboard Control Panel on which you can control every aspect of your site content.  There are so many pros to this type of site software, and one really big caveat: if your developer can manipulate the PHP to generate a beautiful site for you, a hacker can manipulate the PHP to redirect or even destroy your site.

All content-managed software is at risk, but as WordPress is the most widely used, it is the most commonly targeted.  Not just the core software, but also many common plugins. generally screens all plugins offered through their library, but that’s not 100% foolproof.  Recently a hacked version of the ever-popular anti-spam plugin Akismet was loaded into the public directory and downloaded by tens of millions worldwide, resulting in a hacking crisis.  I personally saw two websites hacked within a week of its release.  Luckily, it was an easy fix, and the developer immediately released a clean version to the public to correct the problem.

No one is fully protected, but you can take several measures to avoid spam and malware and make your site an unattractive target for hackers.  Below are some simple and effective ways to secure your site.  Also check out 4 Ways to Secure Your WordPress Website

1. Complicate your admin password.  90% of hacks I’ve dealt with are caused because of a username “admin” and a overly simple password like “4321”.  This makes your site extremely vulnerable to what are known as brute force attacks, where the hacker just bombards your login page with likely combinations until they hit upon the correct one. Bite the bullet and create a very complicated password – the more random the better. A good admin password should be at least 12 characters, have at least one capital and one lowercase letter, one number, and one symbol (*$#@).

2. Install a security plugin. Better WP Security is one of my favorites.  It let’s you hide your login page, limit login to an IP address, and will lock out anyone attempting to crack your login with brute force attacks.  It will also provide you with several tips on how to secure your site and gives you options to complete those tasks within the plugin options. Limit Login Attempts is another highly recommended plugin that I install for all of my website clients. This plugin prevents brute force attacks by locking out any user that is trying to repeatedly gain entry to your admin panel by guessing your password.

3. Keep your software updated. New software and plugin releases not only include bug fixes, but also security enhancements to combat the most recent hacking techniques.  Old software is vulnerable! Sign up in the sidebar to the right to be notified when new security updates are released or when a common plugin presents significant security risks.  We will NOT share your information, and we will only notify you regarding WordPress security issues.