10 Easy Ways to Secure Your WordPress Site Against Hackers
No one ever thinks they’ll get hacked. But it happens more often than you might think. In fact, 90% of American companies say they’ve been hacked.
There’s no worse feeling than getting logged out of your own site. All your content and hard work gone in an instant. For some websites, it can mean the loss of income. For others, such as online stores, it means losing private customer data.
WordPress sites are particularly at risk. With 75 million WordPress sites out there using similar resources, it’s impossible to plug every hole. Not only that, but WordPress relies on open source plugins and themes which are susceptible to hacks.
With a few simple tricks, however, you can stop hackers dead. Here’s how:
1. Pick a Strong Password… Seriously!
This might sound like an obvious piece of advice, but it’s the first thing that hackers will try. Busting through a password is called a ‘brute-force’ attack. It simply means trying thousands of combinations until one works.
A complicated password makes this process almost impossible. According to security experts, it only takes 10 minutes to crack a 6-character, lowercase password. That’s pretty scary, right?
Add an extra character and throw in some capitals, numbers and symbols, and it will take hackers 4 years. Make it 9 characters and vary the symbols, and it will take 44,530 years.
You can also try adding two-step verification, which requires a password and confirmation of a code sent to your phone.
2. Get Creative with Your Username (& Then Hide It From Your Site)
The most common WordPress username is ‘admin’. Brute-force hackers will simply try this username with thousands of password combinations until one works.
Change it to something unique, ideally something you don’t use anywhere else.
On top of that, make sure your username is different to your WordPress ‘author name’ if you post blogs. Otherwise, it’s easy for hackers to find your admin username.
3. Never Stop Updating
The WordPress update notifications can get a little irritating, but there’s a good reason for them!
You’ll get regular updates from your plugins, theme and WordPress itself. It means they’ve tightened up their code, improved performance and – most importantly – closed any security loopholes.
Old versions of your software are much more susceptible to hackers and infiltration. One trick you can use is setting your plugins and theme to auto-update. That way, you’ll always stay up to date.
4. Upgrade Your Web Hosting
Bulletproof security always starts with your web host. Most common web hosts are ‘shared’. In other words, you’re sharing resources with countless other websites. That means there’s a much bigger chance of hackers getting in.
The easiest way to improve security is by upgrading to ‘Managed WordPress Hosting’. Managed hosting is specifically tuned to WordPress, making it much more secure. It also updates your backend automatically, keeping everything up to date. It’s always working to close security holes.
At the very least, make sure you read plenty of hosting reviews and choose a host with strong security credentials.
5. Check Your Plugins Before Downloading
Anyone can build a plugin and make it available to WordPress users online. It’s one of the great things about WordPress and it means there are nearly 50,000 plugins available.
Unfortunately, it also means they’re a target for hackers. In fact, they’re responsible for more than half of all WordPress vulnerabilities. Not every plugin is built securely, and it’s possible for malicious code to sneak onto your site via a plugin.
The first rule is to always buy or download from respected sellers. Never install a pirated plugin! Secondly, do your research before installing. Does it have great reviews and ratings? Has anyone else reported security problems?
6. Do a Regular Spring Clean
We all have disabled plugins we haven’t used for months. Or themes we installed before settling on our favorite. Unfortunately, these dormant plugins and themes can pick up vulnerabilities if not regularly updated.
Take the time to delete any plugins or themes you’re not using.
7. Limit the Number of Possible Login Attempts
As I mentioned earlier, hackers will often try brute-force entry. If you change your settings to allow just five login attempts, hackers will run out of options pretty quickly.
You can do this with a simple plugin. LoginLockdown is a pretty useful option but there are a few others out there. After five attempts, it simply blocks any further attempts from that IP address.
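The lockout behaviour described above, written as a small must-use plugin. This is an added example, not LoginLockdown's code or part of the original article; the file location, the one-hour lockout window and every name prefixed example_ are assumptions.

```php
<?php
/**
 * Added example: block an IP address after five failed logins.
 * Assumed location: wp-content/mu-plugins/example-limit-logins.php
 * All EXAMPLE_ / example_ names are hypothetical, chosen for this illustration.
 */

const EXAMPLE_MAX_ATTEMPTS = 5;    // five attempts, as in the article
const EXAMPLE_LOCKOUT_SECS = 3600; // assumed lockout window: one hour

// Build the transient name for the client address. REMOTE_ADDR is the address
// the web server saw; behind a reverse proxy that is the proxy, not the visitor
// (assumption here: no proxy). md5() only turns the address into a safe key.
function example_attempt_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'example_login_fail_' . md5( $ip );
}

// Count each failed login for this address. Once the limit is reached the
// counter is left alone, so the lockout expires one hour after the fifth failure.
add_action( 'wp_login_failed', function () {
    $key   = example_attempt_key();
    $count = (int) get_transient( $key );
    if ( $count < EXAMPLE_MAX_ATTEMPTS ) {
        set_transient( $key, $count + 1, EXAMPLE_LOCKOUT_SECS );
    }
} );

// Refuse the login once the address has used up its attempts, even if the
// password is correct. Priority 30 runs after WordPress's own username and
// password check, which is hooked at priority 20.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( example_attempt_key() ) >= EXAMPLE_MAX_ATTEMPTS ) {
        return new WP_Error(
            'example_locked_out',
            'Too many failed login attempts from this address. Try again later.'
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for this address.
add_action( 'wp_login', function () {
    delete_transient( example_attempt_key() );
} );
```

Transients live in the database unless an object cache is installed, so the counter survives between requests; on a site behind a proxy or CDN the address lookup has to be adapted or every visitor shares one counter.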
8. Activate a Security Plugin to Scan for Vulnerabilities
The worst thing about WordPress security is that loopholes can hide in the deepest corners of your code. Instead of combing through your code and systems yourself, let a plugin do it for you.
One option is Security Ninja which tests more than 40 vulnerable areas of your website. It highlights the weakest areas in red and tells you how to fix them.
9. Backup, Backup, Backup!
No matter how many precautions you take, there is no guaranteed way to prevent hackers. For that reason, you should always back up your website and all of its content (ideally to the cloud and to a hard drive).
A good web host should offer timed backups, allowing you to revert your website to a previous version. This one really is a life-saver!
10. Don’t Forget To Keep Your Hardware Safe
Some of the biggest hacks in history came from hardware hacks. Just ask the NASA employee who lost his laptop, leading to the hack of 10,000 personnel files!
If you have auto-fill options on your WordPress login, a stolen laptop would give a hacker easy access to your website and all the data within it.
Take extra precautions when traveling with your laptop or tablet. Encrypt your smartphone and any other devices that may be vulnerable.
There is no silver bullet when it comes to WordPress security. Hackers will always come up with new ways to attack vulnerable websites, which means we need to stay one step ahead!