23 May 5 Ways to Keep Your WordPress Website Protected
Here at The Maltings Studios our web designers spend a lot of time ensuring the websites we design, build and host are safe from hackers. It is an ongoing and continual part of being web designers. So how can you keep your WordPress website or blog safe?
Before we list our top 5 ways to ensure the safety of your website. You should first understand how hackers work.
First of all, it would be fair to say that you have not been individually targeted. If you are a small or micro business, it is just unlucky that something about your website caught their attention. Your website was caught up in a vast net that trawls the internet day and night. Most hacking operations are automated and are attacking sites all the time.
Now that your website has been flagged up, they begin to start analysing and trying to understand the website’s makeup, for instance what platform is it built on ie Joomla, Drupal, WordPress? Once they have identified and understood your website, they can begin to exploit any bugs or lapses in security.
So how did your website get caught? More likely than not with a WordPress website it will be something simple. It could be one of your plugins playing up or your WordPress has not been updated to the latest release. So what can you do to protect yourself from hackers?
The Maltings Studios web designer’s have 5 golden rules that are easy to implement and will reduce the risk of your website being hacked in the future.
1) Always keep your WordPress updated with the latest version – enable auto-updates
2) Never use the default username ‘admin’
3) Use strong passwords that contain a random mix of numerals, letters and punctuation
4) Update your plugins regularly
5) Limit login attempts
Updating your WordPress to the latest version
The easiest action you can take to deter hackers is to keep your WordPress updated to the latest version. Why? Every new release from WordPress includes a list of bugs that has been fixed. Hackers use this list to target all those websites that have not updated to the latest version. Don’t let that be you! Remember to enable the auto-updates or just do it manually when you are notified of a new release.
Never use the default username ‘admin’
This is really basic but so many web designers forget this simple rule, never use ‘admin’ for your main administrator account login. Use something silly, funny, interesting, anything but admin. If you do want to change this you will need to add a new user and delete the original one you created, but please make sure you read up on this before undertaking this procedure.
Use strong passwords
This is just common sense, never use passwords that are easy to guess. Putting 12345678 is not a password, it is more like a passport to being hacked. Make it bloody difficult for anyone to guess your password. Try using the following as a guide to a strong password:
• Use a random mixture of numerals, letters and punctuation
• Use upper and lowercase
• Try using at the very least 12 characters
• Avoid names, places or significant dates ie. 1066
• Do not use substitutions in words for example: pa$$w0rd
Update all plugins
It is not just WordPress that needs to be updated. If you get a notification that a plugin has a new release, then update it. The reason they release updates is to fix bugs and remove any vulnerabilities within the plugin. Hackers love old plugins and there have been numerous issues with them, so make sure you keep yours fully updated.
Limit login attempts
Ever forgotten your credit card pin and find yourself blocked after 3 attempts? Well it is doing that for a reason, it is suspicious of you! So limiting login attempts on your website is a good preventative measure to take. As explained previously, most hacking is automatic so if you are using the default admin setting and have a weak password, a hacker could very well have a good chance of getting straight into your website via the front door. There are lots of plugins that you can use to set a limit to the amount of attempts one can make to gain access to your website.
The above listed are 5 really simple ways to protect your website from hacking. You do not need to be an expert to implement them. There are also lots of other measures you can take but you would need a bit more knowledge of WordPress. I hope these tips will help make your WordPress blog or website like Fort Knocks.