3 Tips For Securing Your WordPress Site

Most people have a less-than-vigilant attitude when it comes to website security. They think, “Hey, why would anyone want to hack my website anyway?”

Well, even if you don’t have much traffic or income at your site, you need to take steps to secure it.

Most hacks are not personal in nature: they are done by bots and scripts designed to seek out and affect the largest number of websites possible.

These bots do not single out sites personally; they simply look for vulnerabilities and attack.

And yes, they have motives. In fact, there are lots of reasons for hacking even small mom-and-pop sites, including…

1. To send spam from your server (that’ll get you blacklisted)
2. To install malicious code that spreads viruses to your visitors (so they can steal from them)
3. To add web pages that steal your search engine ranking
4. To steal your affiliate commissions
5. To steal your traffic

And the list goes on and on.

“Botnets” use hundreds of thousands of unique IP addresses (from compromised/hacked “zombie” computers across the world) to attack hosts across the globe, specifically targeting WordPress blogs.

So how can you protect your site?

Well, at the very least you should take the following three steps:

1. UPDATE WORDPRESS REGULARLY

WordPress security holes are regularly addressed and fixed with each new version.

That is why it is important you always update WordPress to the latest version.

The older the version of WordPress you are using at your website, the more susceptible your site will be to attacks.

Luckily, this is quite easy. WordPress introduced a new feature in 3.7 that performs updates automatically.

When you install WordPress, simply choose to have updates performed automatically to patch security bugs and errors that have been found.

2. KEEP PLUGINS AND THEMES UPDATED

Bots love to target themes and plugins with security flaws.

In fact, more than half of successful WordPress hacks are a result of security holes in themes and plugins.

That’s why it is important to pay attention to the plugins installed and activated on your website.

Always deactivate unused plugins and remove them.

Also be wary of plugins that have not been updated within a year or so and try to use only plugins that are updated regularly.

3. LIMIT LOGIN ATTEMPTS AND DON’T USE ADMIN OR THESE PASSWORDS:

Automated bots mainly target /wp-login.php and /wp-admin to try and get access using brute force.

That’s why you should limit login attempts via the plugin you can choose when installing WordPress.
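A per-IP limit stops one noisy client, but the botnets described earlier spread their guesses across many addresses, so the site-wide failure rate is worth watching as well. The Python below is an added example, not part of the original post, that checks both over web server access-log lines. The combined log format, the thresholds, and the rule that a failed login answers 200 while a successful one redirects with 302 are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: client IP, [timestamp], "METHOD path proto", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(lines):
    """Yield (time, ip) for each POST to wp-login.php that was answered 200."""
    # Assumption: a failed login re-renders the form (200); success redirects (302).
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        is_login = path.split("?")[0].endswith("/wp-login.php")
        if method == "POST" and is_login and status == "200":
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip

def detect(lines, per_ip=5, site_wide=20, window=timedelta(minutes=5)):
    """Return (noisy_ips, distributed): IPs with more than per_ip failures in a
    window, and whether failures from all IPs together exceeded site_wide."""
    by_ip, everyone = defaultdict(deque), deque()
    noisy, distributed = set(), False
    for when, ip in sorted(failed_logins(lines)):
        for q in (by_ip[ip], everyone):
            q.append(when)
            while when - q[0] > window:  # drop failures older than the window
                q.popleft()
        if len(by_ip[ip]) > per_ip:
            noisy.add(ip)
        if len(everyone) > site_wide:
            distributed = True
    return noisy, distributed

def sample_log():
    """Constructed sample lines (documentation-range IPs), not real traffic."""
    fmt = '{ip} - - [10/Mar/2024:12:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" {st} 4321 "-" "-"'
    post = "POST /wp-login.php"
    lines = [fmt.format(ip="203.0.113.7", m=0, s=i * 5, req=post, st=200) for i in range(8)]
    lines += [fmt.format(ip=f"198.51.100.{i}", m=1 + i // 15, s=(i % 15) * 4, req=post, st=200)
              for i in range(1, 31)]  # 30 addresses, one failed guess each
    lines.append(fmt.format(ip="192.0.2.10", m=3, s=0, req=post, st=302))  # real login
    lines.append(fmt.format(ip="192.0.2.10", m=3, s=5, req="GET /wp-login.php", st=200))
    return lines

if __name__ == "__main__":
    print(detect(sample_log()))
```

On the sample data, the 30 single-guess addresses never trip the per-IP limit, which is why the site-wide counter is tracked separately.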

And never use the hackers’ main username target for login attempts: the default username “admin”.

Change it to something else and delete the admin username. Then choose a STRONG password.

The top passwords targeted include some fairly obvious ones, so make sure you’re not using something as weak as any of these:

admin

123456

666666

111111

12345678

qwerty

1234567

password

12345

123

123qwe

123admin

12345qwe

12369874

123123

1234qwer

1234abcd

123654

123qwe123qwe

123abc

3123qweasd

123abc123

12345qwert

If you are using one of these passwords, then you may already be hacked and not know it!

Again, one of my main sites was hacked a couple years ago and I didn’t know they were stealing my traffic for months!

So again, the most important things you can do right now are:

1. Keep WordPress updated regularly and automatically
2. Update plugins and themes regularly and automatically
3. Limit login attempts with the free plugin that comes with WordPress installs
4. Make sure you don’t use admin as your username and choose a super strong password.

 


Copyright © Ro's Blog