Today, one out of every five new websites runs on WordPress. That makes it one of the largest technology revolutions of modern times. But the growth of WordPress as the platform of choice for web designers has also attracted a slew of hackers and viruses. WordPress sites get hacked and compromised every single day, and what’s worse, only 6% of web owners get to realize it. New online research reveals over 60% of WordPress sites will be hacked this year alone or be infected with malware that either causes the site to crash or malfunction altogether. If you are a WordPress site owner, this doesn’t have to happen to you.
Our Top 10 WordPress Security tips will help you keep your WordPress site secure. You can fight back with recently-available tools and techniques.
10 WordPress Security Tips For Beginners
Make Sure Your Username Is Hard To Guess
One big mistake you can ever make is to use “Admin” as the username when you are first setting up WordPress. When a hacker wants to wreak havoc, he will usually have a tool that automatically checks for sites using “Admin” as the username.
This can easily be avoided by using another username. Obviously, you should also avoid a username that is easy to guess. For example, if your name is John Smith, don’t use “johnsmith” as the username.
It is recommended that you choose a username that is as secure as the password mentioned above. However, I would avoid using special characters in my username because that can cause problems in WordPress occasionally.
Even without using special characters in your username, it is still possible to create a secure username for security. And do not forget to write it down somewhere just in case you forget your username.
Unlike your password, the username is a bit harder to change. Fortunately, you can easily do so by installing a plugin called “Admin Renamer Extended.” You can download the plugin for free at http://wordpress.org/plugins/admin-renamer-extended/. Alternatively, you can install the plugin in your dashboard by searching for “Admin Renamer Extended.”
Make Sure Your Password Is Secure
An insecure password is probably the number one sin when it comes to WordPress security. Don’t use your name or date of birth as the password. If you do so, any hacker can easily use brute force methods to hack into your website.
A strong password should ideally consist of a mixture of capital letters, small letters, numbers and special characters. For example, “mypassword” is considered a very weak password. On the other hand, “Kfl456#$uDFl*” is considered a strong and secure password.
Most probably, you won’t be able to remember the password. Therefore, it is important to write it down somewhere.
If your current password is weak, it is time to change it. Fortunately, it is pretty easy to change your password. You can simply do it in the dashboard.
Remove Unwanted Plugins
You need to remove any plugins that are not beneficial to your blog. Usually, if most of them are not even working, you can remove them because most of the hackers use these outdated plug-ins to find access to your blog and it becomes a weakness.
The advice here is that you must not use any plug-in that is not updated on a regular basis or they are not yet tested with the newest version of WordPress. Always keep in mind that being updated is always the best preventive measure.
After going through the basics, the next thing is to look for more advanced security options.
The Security of your Web Host
If you want to have a secure environment, do not use free hosting. You need to invest some money for your hosting. This WordPress Security Tutorial recommends that you should make sure that the web host is offering basic security features and make sure that it has good reviews from its users.
Secure your Computer
Well, we are actually talking about WordPress but what is the sense of doing security checks and upgrades if your own computer is at risk of hackers. There are malicious files that can encrypt key loggers on your computer. When this happens, they can easily access everything that you type on your keyboard. You can find a lot of good antivirus programs on the Internet. Just look for a credible antivirus program or ask experts about this.
Always update your WordPress, update all your plug-ins, themes and others. This WordPress Security tips recommends you check for any update alert on a daily basis. After the alert of updates appears on your screen, update it immediately. WordPress security is one of the primary goals of the developers, so they make regular updates to fix bugs, security holes and vulnerabilities on their system. It means that every update made can increase the protection of your website.
Backup your Files
You can look for software that will backup your files and database. If hackers unexpectedly hack your website, you can easily restore your website with the use of your backup files and change everything that has to be changed.
According to the WordPress Security measures, the security of your blogs depend on how you handle them.
Protect Your Website From Brute Force Attacks
One of the wide spread methods that hackers use to hack into a website is brute force attack. You can avoid this by using a plugin called “Better WP Security.” You can download the plugin for free at http://wordpress.org/plugins/better-wp-security/.
Once you activated the plugin, you can configure the login options. For example, you can lock out an IP address if the user key in the wrong password three times in a row.
Protect your .htaccess File
The .htaccess file is the gatekeeper of your website. It is a hidden file which gives you the power to determine the access of all files. Where is this file located? It is available in the root directory, and you have to enable the “Show Hidden Files” option to view it. Once you are there, insert the .htaccess protection code (which you can easily find on Google) into the file.
Disable Directory Listings
When you are inside of .htaccess, you should disable the directory listings too. Once the directory listings are off, it will prevent others to list the components of your website. This means it will become harder for hackers to find loopholes and vulnerable files.
Apply the above tips as the WordPress Security tips directs and your site will be secure.