WordPress is one of the most popular blogging platforms on the web today for a lot of reasons. It is easy to use, open-source, affordable, and highly customizable.
These great features have resulted in WordPress being the product of choice for tens of millions of site owners all over the world.
While the success of WordPress is a testament to its quality, it has also made it a huge target for hackers, spammers, and every other cyber conman you can think of.
Anyone who owns a WordPress site MUST become familiar with ways to keep their sites secure. Security is a concern even if your site is some tiny little blog that is visited only by lovers of porcelain giraffes. Hackers and spammers will come knocking sooner or later. If you are prepared, you can minimize the risk of damage.
If you are not prepared, you may wake up one day to see your site defaced or all of its content permanently erased and your users’ personal information stolen.
Take the following steps to make your WordPress site more secure:
Change the default administrator username. The default administrator name for WordPress sites is “admin”. Change it immediately. If you leave it as admin, it is one less thing someone needs to hack to break into your site.
Create a strong password. A strong password looks nothing like a word or a recognizable number. It looks like a bunch of gibberish. This prevents hackers from guessing your password by comparing it to a list of known dictionary phrases. You can bet the bank they have fr33dom in their dictionary, but not a long, random-looking string of letters, digits, and symbols.
Update WordPress frequently! And I don’t mean once or twice a year. All of your themes and plugins must be updated as soon as updates are available. If a plugin author has released an update, that usually means that botnets are already scanning the web for sites that have NOT updated. Update early. Update often.
Get a security plugin. There are a handful of truly good free WP security suites that are installed as plugins. They take care of all the common security threats and help protect against the not-so-common ones. I personally use Wordfence as it is free, regularly updated, and provides a wide range of security options.
Cut off some of the problems at the root. It is no secret that a lot of the attacks on WordPress sites originate from China, Russia, and Ukraine. Completely blocking people from these countries can ease a lot of headaches, but if you have legit visitors from these areas it might not be a workable solution for you. Use plugins that allow you to block users based on their geographic location.
Only install the plugins and themes you need and get rid of the ones you don’t. I know that the WordPress plugin directory can make you feel like a kid in a candy store. Prune your unused or inactive plugins. Remember, less is more “secure.” You don’t need every fancy theme, widget, and plugin out there to run a good site. All you need is good content. Every new plugin or theme is a potential backdoor into your system.
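Three of the steps above (default username, pending updates, unused plugins) can be checked mechanically. The script below is an added example, not part of the original article; it assumes the site's user, plugin, and theme lists have been exported as JSON with WP-CLI, and the sample records and their names are constructed.

```python
import json

# Constructed sample data in the shape WP-CLI prints for:
#   wp user list --format=json
#   wp plugin list --format=json
#   wp theme list --format=json
SAMPLE_USERS = json.loads("""[
  {"ID": 1, "user_login": "admin", "roles": "administrator"},
  {"ID": 2, "user_login": "giraffe-editor", "roles": "editor"}
]""")
SAMPLE_PLUGINS = json.loads("""[
  {"name": "example-security", "status": "active", "update": "none", "version": "1.0.0"},
  {"name": "example-gallery", "status": "active", "update": "available", "version": "2.1.0"},
  {"name": "example-slider", "status": "inactive", "update": "available", "version": "0.9.0"}
]""")
SAMPLE_THEMES = json.loads("""[
  {"name": "example-theme", "status": "active", "update": "none", "version": "3.2.0"}
]""")


def audit(users, plugins, themes):
    """Return (check, item) findings for three of the steps above."""
    findings = []
    for user in users:
        # Step: change the default administrator username.
        if user["user_login"].lower() == "admin":
            findings.append(("default-admin-username", user["user_login"]))
    for kind, items in (("plugin", plugins), ("theme", themes)):
        for item in items:
            # Step: apply updates as soon as they are available.
            if item.get("update") == "available":
                findings.append((f"{kind}-update-pending", item["name"]))
    for plugin in plugins:
        # Step: remove plugins that are installed but not in use.
        if plugin.get("status") == "inactive":
            findings.append(("inactive-plugin", plugin["name"]))
    return findings


if __name__ == "__main__":
    for check, item in audit(SAMPLE_USERS, SAMPLE_PLUGINS, SAMPLE_THEMES):
        print(f"{check}: {item}")
```

Note that an inactive plugin with a pending update is reported twice, once under each check, since removing it resolves both findings.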
“The price of freedom is eternal vigilance,” it has been said. If you want to run a WordPress site, or any site, you need to be vigilant. No matter how small your site or obscure the topic, if it can be taken over, it will be taken over. You might not even realize it until you get a nasty letter from your hosting provider or get banned by Google. So take the time now to implement the above six steps and sleep a little better tonight.