It is said that 25% of websites operating on the Internet are created with WordPress, so it should come as little surprise that hackers are constantly trying to exploit its weaknesses. Botnets (small programs that try to log into a website by plugging in common user names and passwords) were created to infiltrate WordPress sites using brute force attacks. You would be shocked at how many attacks are taking place as you are reading this article. Their goal is to gain access to your site! Let’s make sure you are doing the simple things you can to protect your WordPress site. Here are five simple things you can do!
1) Create Unique Admin User Names: During the WordPress installation, you are asked to create main admin–a user name. It is important that you create something unique (other than your personal name or the word admin). It is best if you create a longer user name and something with numbers in it. If you already have a username like admin, it is important to delete it and replace it with a new one. This is pretty easy to do. Login to your dashboard and create a new user with a more difficult username and password and give it admin privileges. After this has been done, log out out with the old admin account and try to login with the new account. Make sure it can do everything your other one did. Then go to the users area and delete the old one. It will ask you what you want to do with the posts and pages associated with the old account. You don’t want to lose them so just attribute them to the new account. Don’t forget to store the new username and password somewhere so you don’t forget you created it.
2) Create Strong Passwords: Having a unique user name is key, but don’t neglect the other part of your login. Choose a difficult password. Definitely avoid easy number combinations and words like password, but also try not to use the common examples listed here. Pick something that has upper and lower case letters, numbers, and special characters. It should also be at least eight characters to really lock down your account. I would suggest you think of a sentence that will help your remember this weird string of letters and numbers. For instance, for the password Md8tBpb!, you could remember the sentence My dog 8 (ate) the Big paper bag! If that doesn’t work, buy a password program or store them in a different location someplace.
3) Keep WordPress, Themes, and Plugins Updated: It is important that you always keep your WordPress, themes, and plugins updated to the newest version. New releases not only offer new features but also security patches.
4) Install Security Plugins: There are a few main areas you need to address. We suggest that you find a plugin the locks the number of time that someone (make sure it is based off an IP address) can enter in a bad username and login. This will help protect you from bot-type attacks. We also suggest that you find a plugin that secures your database and file permissions. There are a number of options out there, so do your research or click here to learn more about these security plugins.
5) Prepare with Backups: It is always good for you to have a current backup downloaded to your computer; that way, if something happens, you can easily recreate your site from scratch. There are many different options out there. We personally recommend the Duplicator Plugin because it is comprehensive (complete site backup including images) and free!