I love using Wordpress to power my websites, but any time
you use a CMS you are going to have security issues. The good news is
that Wordpress is more secure than ever and releases security updates all the
time to take care of these loopholes for hackers. The bad news is that
there are still some vulnerabilities that can leave your blog exposed to evil
doers. Here are some helpful tips for securing your Wordpress site
with just 5 minutes of your time.
Keep your plugins and installation updated
If you have a lot of WP sites it might be hard to remember to update them all, but this is the single biggest reason sites get hacked. They forget to update and hackers target those sites. There’s a reason Wordpress comes out with a new update, and it’s not just for their health. For this reason you don’t want to advertise the current WP version on your site in the footer either. If you forget to update your blog in a timely manner it could make you a target when a hacker does a search for that particular version of WP. Besides, updating your site literally only takes a minute or two.
Change your username
By default your Wordpress username will be “admin”. This makes it easy to remember, but it also makes it easier for hackers to get into your account. If they already have half of the equation they just need the password to gain access. And with “brute force attack” software programs that use every password under the sun to try to access your site, you want to give them as little information as possible. Fortunately, it’s not that hard to change your username and you can do it all within Wordpress without having to access your database.
First, you should create a new username and give it all administrative privileges. Then you can log out and log in using your new user account. Then you can delete your “admin” account and WP will give you the option to transfer all of your posts under your admin account to your new account. It’s really that easy and only takes a minute of your time.
Move your wp-config file
If a hacker has access to your wp-config.php file you may completely lose all of your posts, comments, and data on your site. It is vitally important that you try to protect this file. By default, hackers know exactly where to find this file since it’s the same in every Wordpress installation. So by imply moving it to another location you can make your site that much more secure. But be sure to move the file up only ONE folder. Usually it will be under the public html folder so you will want to move it one folder above the WP install. This will keep both hackers and bots from being able to find the file, keeping you more secure and it only takes a minute or two.
Check out some security plugins
It might take you more than 5 minutes looking for a security plugin to use to help protect your blog, but 3 of the most popular ones to check out are WP Security Scan Login Lockdown and Secure Wordpress. Setting up Secure Wordpress literally only takes 20 seconds and it does some pretty techy stuff. Another to check out is the BulletProof Security plugin which guards against SQL hacking attempts as well as guards your htaccess files and other important files on your site. In my opinion this one is a must. The Login Lockdown will prevent a brute force attack by blocking an IP address the repeatedly tries to guess your password. And the Secure Wordpress plugin is a good all-around plugin for your blog’s security. It only takes a couple minutes to get everything set up and it’s free.
Of course you will want a backup plugin as well because no matter what you do no one is ever 100% hack proof. Just in case you lose your entire site you will want a way to get everything back the way it was, and plugins like Backup Buddy helps you do that. Just make sure you keep them up to date as well.