WordPress is a fantastic platform for building websites, and it is estimated around 20% (and growing by the day) of websites use it.
However, due to its popularity, hackers have been increasingly targeting WordPress sites.
WordPress is, on its own, fairly secure. However, with a few easy steps you can make it even more secure and ensure your site is protected.
Here, we detail 5 top tips for securing your WordPress site.
CHANGE ADMIN USERNAME
By default, WordPress automatically generates the admin username at installation, meaning that everyone has the same username – a dream for hackers!
Change the admin username to something unique to you, and combine this with a strong password (not “password” or “abc123″!).
To change the admin username simply create another user with their role set as “administrator” and then delete the old “admin” user. If you have posts published by the user “admin” then you can assign these to the new user you have created.
This is an essential security tip – if you haven’t already done it, do it now!
USE LOGIN LOCKDOWN PLUGIN
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
By default the plugin will block access from an IP address for an hour after 3 failed login attempts within 5 minutes – this can be changed in the plugin settings.
KEEP WORDPRESS UPDATED
It is vital that you ensure you update WordPress to the latest version whenever a new one is released. A new update will fix vulnerabilities which have been exposed in earlier versions.
If you don’t update the WordPress core you will be leaving yourself open to attacks, as hackers will tend to target WordPress sites which are using old versions as they will have known security issues.
Make sure you update as soon as you see a message about a new version of WordPress being available.
ONLY DOWNLOAD THEMES & PLUGINS FROM REPUTABLE SOURCES
We would recommend only downloading free themes and plugins from the WordPress directory, as you can be sure these have a core level of security.
Many free themes that you can download just by searching “free WordPress themes” in your search engine will contain malicious code that can cause all sorts of problems.
USE A WORDPRESS SECURITY PLUGIN
A security plugin is a great way of securing WordPress as they can guard against many different issues such as preventing malicious code injection, scanning for problems and backing up the database, allowing you to get back online quickly if anything did go wrong.
We recommend using Wordfence Security – it is easy to install and will really beef up your site security.
Contact us if you need further clarification or help with your web design or visit our support centre for further free expert online advice and support.