How To Secure WordPress From Hackers
Millions of websites are built on WordPress, and that number is increasing every day. A side effect of WordPress’s popularity is that it is now a prime target for hackers. By following these simple steps on how to secure WordPress, you can massively reduce the risk of your site being hacked or even taken offline.
Only download the WordPress installation files directly from the official WordPress.org website. It may sound obvious, but we have seen many examples where people have downloaded “beta” or “testing” versions from third-party websites or forums. These unofficial versions can contain viruses, callbacks or even malicious scripts designed to record your login details.
Auto installers such as Fantastico or Softaculous use the official versions, so are also considered trusted sources.
WordPress – Always keep your WordPress installation up to date. As new vulnerabilities are found, WordPress releases software updates. These protect your website from newly discovered security holes and can also fix bugs within the software. Major updates can include new features.
Plugins – These can also become out of date and open your website up to possible vulnerabilities. Always update plugins and other third-party content as updates are released by the developer. These are often released soon after official WordPress updates.
3. Usernames and Passwords
The easiest way for a hacker to gain access to your site is to guess your username and password. Always create a new user with admin rights and delete the original admin user account. Pick a strong password that is unique to your WordPress website. Never share your login details, even with support staff. Instead, consider creating another account with limited permissions. This way only you know the admin username and password, and you can delete the support account when the required work or help is complete.
4. Extra Layers Of Security
Simple Login Lockdown will monitor invalid login attempts, and if the preset number of invalid logins is reached, the attacking IP address will be blocked for a period of time. This plugin can also help protect against DDoS attacks on the WordPress login pages.
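The lockout rule described above can also be replayed over a web server access log to see which addresses would have been blocked. This is an added example, not Simple Login Lockdown's code. The thresholds, the combined log format, and the heuristic that a failed login is a POST to /wp-login.php answered with 200 while a successful one is answered with a 302 redirect are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Assumed policy values; the page only says "preset number" and "a period of time".
MAX_FAILURES = 3
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(minutes=15)
# Combined access-log format: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_lockouts(lines):
    """Return (ip, locked_at, locked_until) for each IP that reaches the limit."""
    failures = defaultdict(deque)      # ip -> timestamps of recent failed logins
    locked_until, events = {}, []
    for line in lines:                 # lines are assumed to be in time order
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != "/wp-login.php":
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and ts < locked_until[ip]:
            continue                   # still blocked; a live lockout rejects this request
        if m["status"] == "302":
            failures.pop(ip, None)     # successful login resets the counter
        if m["status"] != "200":
            continue
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > WINDOW:
            recent.popleft()           # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            locked_until[ip] = ts + LOCKOUT
            events.append((ip, ts, locked_until[ip]))
            recent.clear()
    return events

# Constructed sample lines using documentation-only IP ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521',
    '203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521',
    '198.51.100.20 - - [12/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4521',
    '203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4521',
    '198.51.100.20 - - [12/Mar/2024:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '203.0.113.7 - - [12/Mar/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521',
]
if __name__ == "__main__":
    print(find_lockouts(SAMPLE_LOG))
```

The user who mistypes once and then logs in successfully is not flagged, while the address with three failures inside the window is locked out and its later attempt is ignored.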