Do you fear that upon visiting your website one day, you’d be greeted with a message left by a hacker on the site? God knows how long the message has been there and how many people have seen it. It might still be OK if your reputation has just been tainted for a while, but what if your content has been removed, your website made inaccessible and your customers’ details stolen?
The LinkedIn hack is the most recent such incident, where 6.5 million credit card details were stolen. It is safe to say that being hacked is every website owner’s worst nightmare!
There is no surefire way to deter hackers. What you can do is beef up security and make your site tough to crack. Hopefully they’ll give up when they discover that you’ve made things tough for them, but if they do succeed, at least you put up a fight! So here’s what you can do to secure your WordPress website from hackers:
1. Choose a strong, long password
Everyone knows how important a strong password is, but why they do not come up with one remains a mystery. They can even tell you that a good password consists of upper and lowercase letters as well as numbers and symbols.
But these same people possibly have passwords such as 1234 or a1b2c3d4. Some think that birthdates and car plate numbers are safer, but these aren’t good choices either, especially if your personal details can be found online.
2. Change the ‘admin’ user name
WordPress comes with an admin user by default. Hackers then have only one challenge, which is to crack the password, as they already have ‘admin’ as the username. You can remove this login name and still retain the admin rights: simply create a new account with the desired rights.
3. Change the security keys
What keys? There are keys in WordPress?! For those who are not aware that their WordPress blog has security keys, you can think of these keys as the gateway to your site. With these keys, it will be more difficult to break into your site, just as a thief would find it difficult to get into a home without a key.
I’m not going to go into detail here on how to change the keys, but you can read the instructions on the official WordPress website and do it yourself; no techie knowledge is needed.
4. Update, update and update
Lazy people can be protected from hackers too, without doing much. If you are not keen on code and the like, as mentioned above, then remember to always update WordPress to the latest version, as well as your themes and plugins. It’s important that you download the latest WordPress version and keep it updated regularly.
Updating is simple; you will be notified whenever a newer version is available and you’d just need to click here, click there, install, run and done! Updated WordPress, themes and plugins always come with newer security features which will replace the earlier or outdated ones.
5. Limit login attempts
Hackers are human too; they don’t possess supernatural abilities and can’t simply obtain your password every time. Sometimes they’ll just keep entering possible passwords by trial and error. By installing a plugin called Login Lockdown, you can prevent hackers from making further tries once a certain number of failed attempts have been made!
Since they can’t try any more password combinations, they would have to leave your site.
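An added example, not part of the original post and not the Login Lockdown plugin's code: a generic sliding-window lockout keyed on client IP, replayed over a constructed event list to show that a blocked address is rejected even with the right password, that other addresses are unaffected, and that the block expires. The class name, thresholds and sample IPs are assumptions.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Sliding-window lockout keyed on client IP (hypothetical class, not a plugin's code)."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        self.max_failures = max_failures    # failures tolerated inside `window` seconds
        self.window = window
        self.lockout = lockout              # seconds an IP stays blocked
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> time at which the block expires

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Register one failed login; return True if this failure triggers a lockout."""
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.blocked_until[ip] = now + self.lockout
            recent.clear()
            return True
        return False

def replay(events, limiter):
    """Feed (time, ip, password_ok) events through the limiter; return one outcome each."""
    outcomes = []
    for now, ip, ok in events:
        if limiter.is_blocked(ip, now):
            outcomes.append("rejected")     # the password is never even checked
        elif ok:
            limiter.failures.pop(ip, None)
            outcomes.append("logged in")
        else:
            locked = limiter.record_failure(ip, now)
            outcomes.append("locked out" if locked else "failed")
    return outcomes

# Constructed sample: 203.0.113.9 guesses repeatedly, 198.51.100.7 is the site owner.
EVENTS = [
    (0, "203.0.113.9", False), (5, "203.0.113.9", False), (9, "203.0.113.9", False),
    (12, "203.0.113.9", True),     # correct password, but sent during the lockout
    (20, "198.51.100.7", True),    # owner on another IP is unaffected
    (4000, "203.0.113.9", False),  # lockout expired: guessing can resume, only slowly
]

if __name__ == "__main__":
    print(replay(EVENTS, LoginLimiter()))
```

The last event is the caveat: a lockout slows guessing down and does not end it, so it complements a strong password and does not replace one.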
6. Back up your website
After doing all the steps above, remember to periodically back up your website. This includes the database, images, and your WordPress themes (which you might have customized). At the very least, if your website does get hacked, you will still have copies of your website instead of having all your work and data gone forever!
Every effort must be made to keep hackers away. It is simply a nightmare having your website compromised and everything gone. Even worse is if financial and transaction data is stolen. Security doesn’t come easy but with the above measures taken you can sleep at night knowing that hacking won’t be easy too!
17 comments
Important tips Jasmine,
Username “Admin” is certainly very common and one should change it instantly. Plus, always using an updated version of WordPress keeps your blog safe.
You are right. None of my blogs are using the username “admin”. It’s just too easy to guess!
Last Friday, our demo server was blacklisted by Google. I came to know about it when one of our potential customers reported that our template demo site was showing a red warning on Google Chrome. I was like, WTF?
Well, I started investigating, deleted all the extra FTP accounts and changed all the passwords. I found that the .htaccess files in all the folders had a weird redirect code to some bloody Russian website. Slowly I found that all of the folders had this file. I started deleting them and it took an hour to clean it up. Then, after a few hours, I found the same .htaccess files were again at the same location. I was sure the hackers must have placed some backdoor file which was doing this nuisance. Since this server had more than 85 Joomla websites, it was absolutely impossible for us to start checking each file one by one to find the infected file.
First of all, we upgraded all the websites to the latest Joomla version and then started checking again. The .htaccess files were still getting created.
Finally, what I did was download the access.log for the server. I found a lot of continuous POST commands from a Mozilla PC user agent. Damn, I knew this was it, since I use a Mac full-time!
There was one file which had a long encoded code, and this file was in such a location that even my grandchildren would have skipped it. Phew!
Deleted it and we are good now.
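Added example, not part of the comment above or of the original post: the access-log triage the commenter describes, written as a Python sketch that ranks repeated POST requests to scripts that should not receive them. The log lines, IPs, file path, user agents and the list of expected POST endpoints are all constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Assumption: the only scripts that legitimately receive POSTs on this site.
EXPECTED_POST = {"/index.php", "/administrator/index.php"}

def suspicious_posts(lines, min_hits=3):
    """Rank (path, ip, user agent) tuples that POST repeatedly to unexpected scripts."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        path = m.group("path").split("?", 1)[0]   # ignore the query string
        if path not in EXPECTED_POST:
            hits[(path, m.group("ip"), m.group("ua"))] += 1
    return [(key, n) for key, n in hits.most_common() if n >= min_hits]

def make_line(ip, method, path, ua):
    """Build one constructed log line in combined format."""
    return ('%s - - [01/Jan/2024:10:00:00 +0000] "%s %s HTTP/1.1" 200 512 "-" "%s"'
            % (ip, method, path, ua))

# Constructed sample data, not taken from any real server.
WIN_UA = "Mozilla/5.0 (Windows NT 6.1)"
MAC_UA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15)"
SAMPLE = (
    [make_line("203.0.113.9", "POST", "/images/stories/thumbs/cache.php", WIN_UA)] * 4
    + [make_line("198.51.100.7", "POST", "/administrator/index.php", MAC_UA),
       make_line("198.51.100.7", "GET", "/index.php?option=com_content", MAC_UA),
       make_line("192.0.2.44", "POST", "/contact/send.php", MAC_UA)]
)

if __name__ == "__main__":
    for (path, ip, ua), count in suspicious_posts(SAMPLE):
        print(count, "POSTs to", path, "from", ip, "using", ua)
```

On a server with many sites, the top entries give a short list of files to inspect before anything is deleted, and the matching log lines are worth keeping as evidence.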
Thanks for sharing this with us, glad you figured out the issue and sorted it 🙂 This can be a seriously nightmarish experience.
Good tips Jasmine. I didn’t know about the keys. Will have to check that out.
Thanks.
Yes – having your WordPress site hacked is not fun. And it can be really damaging to your online reputation and image. And most people whose sites are hacked are hacked due to plugins etc. that are out of date. I really can’t stress enough how important it is to update your WordPress site regularly.
Great tips Jasmine. Also, Asma gave a very good tip that you must upgrade your WP version and your site is safe. Very nice, both of you.
Thanks for sharing..
Great blog post Jasmine, these things should be enough to secure a WordPress website from hackers. But do you recommend any good plugin, maybe?
Thanks for sharing.
Very good tips on how to secure a WordPress website. I think the easiest measure which everyone should take is to change the login name admin to something else. This is the first step.
Thanks for sharing your tips, Jasmine.
Great WordPress security tips, Jasmine. I am sure there are some basic steps which every blog owner should be aware of, for example, do not use the “admin” username, and do use a strong password.
Also, we must always update our WordPress to the latest version and do not install pirated themes, instead always download themes from the official websites.
Ali, do practice the tips which Jasmine is sharing here. I am sure these will make your blog more secure and no more hacking in the future! Good luck.
These tips are invaluable to anybody who owns at least one WordPress blog. Letting it go outdated might be your downfall.
Great WordPress security tips. I started deleting them and it took an hour to clean it up. Then after a few hours, I found the same .htaccess files were again at the same location.
I used blogging security plugins to secure my WordPress site and I don’t log in to my site using other PCs…
Oh, these are good steps to take to make our website more secure, especially do not log in on other PCs. Good tips.
By the way, I am running a free web hosting giveaway from WebhostingHub. Do check this out on my website.
Impressive tips, Jasmine. I am using Login Lock Down and BPS to protect my site from hackers. And daily I take a backup of my database and files to secure myself against losing my data. Though we should always check whether there is any loophole or not.
Thanks for these tips.
Updates and patches are very important because they help provide protection over recently identified security problem areas. This explains the insistence on antivirus being up to date.