Securing your WordPress Site from Hackers

Written by Stefan Wolf
Posted: December 4, 2014 at 6:36 pm

Online security in the age of the Internet is a primary concern, because nearly everything in our lives is centred on inter-connectivity, and with the coming of the Internet of Things the majority of us have gone digital, so our data should be protected. Did you know that 20% of the web is powered by WordPress, which makes sites built on it susceptible to hacking? Well, now you do. These hackers may not have anything against you; they probably just want to hone their skills, and your site might simply fall within their ‘Area of Interest’. You should know that there is no real foolproof way to keep your site from being compromised, particularly because hackers keep evolving, coming up with mind-blowing code to destabilize site integrity, take the site over completely and possibly leave no chance of recovery. Nevertheless, there are steps you can take to make sure that the Hack Potential Ratio is reduced significantly.

  1. Alter Admin Username

When you have installed your WordPress site, the default username created for you to log in as administrator is “admin”. This is widely known, and it is why, when you log in to your WordPress Dashboard for the first time, you should create another user, give that account admin privileges, log out of the “admin” account and log in with the new one. Once logged in to the new one, erase the “admin” account. At the risk of stating the obvious, your new username shouldn’t be “admin2” either; that’s a no-brainer! Come up with a cool, slightly complicated, yet memorable name.

  2. Derive Strong Passwords

Your site needs a very robust password, so that hackers or programs using brute force (guessing usernames and passwords over and over) have an incredibly hard time. You can use a password generator to come up with a strong one. You could also keep your password stored in a secure program like Keeper (who comes up with these names? I guess in a way it’s creative).

  3. Limit Login Attempts

When someone, or something like a robot, tries to log in using brute force, a plugin like Limit Login Attempts will lock their IP address out after a specific number of tries (normally 5 or 10). Granted, they can come back from new IP addresses, but their chance of getting in grows ever slimmer. There is a caveat for you here, though: if by some cruel turn of fate you happen to forget your password and try a number of times to log in, you can get locked out of your own dashboard. Not to despair, there is a silver lining: you can tell the plugin what your computer’s IP address is when you set it up and “whitelist” it, which essentially means the rules won’t apply to you.
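As an added illustration (this is not the plugin's code, nor anything from the original post), here is a small Python model of what such a plugin does: it counts failures per IP address, locks the address out after five tries, and exempts a whitelisted address so you cannot lock yourself out. The IP addresses and the 20-minute lockout are constructed assumptions for the demo.

```python
import time

class LoginLimiter:
    """Model of a login-attempt limiter: failures are counted per client IP,
    and after max_attempts the address is locked out for lockout_seconds.
    Whitelisted addresses (e.g. your own machine) are never counted or locked."""

    def __init__(self, max_attempts=5, lockout_seconds=20 * 60, whitelist=()):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.whitelist = set(whitelist)
        self.failures = {}      # ip -> consecutive failed attempts
        self.locked_until = {}  # ip -> unix time at which the lockout expires

    def is_locked(self, ip, now=None):
        now = time.time() if now is None else now
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if now >= until:  # lockout expired: forget it and start counting afresh
            del self.locked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def attempt(self, ip, password_ok, now=None):
        """Process one login attempt; returns 'ok', 'denied' or 'locked'."""
        now = time.time() if now is None else now
        if ip not in self.whitelist and self.is_locked(ip, now):
            return "locked"  # refused even if the password happens to be right
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        if ip in self.whitelist:
            return "denied"  # wrong password is refused but never counted
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.max_attempts:
            self.locked_until[ip] = now + self.lockout_seconds
            self.failures.pop(ip, None)
        return "denied"

def demo():
    """Constructed scenario: a guessing bot at 198.51.100.7 and the site owner
    on whitelisted 203.0.113.9 (both are documentation-range addresses)."""
    lim = LoginLimiter(max_attempts=5, whitelist={"203.0.113.9"})
    bot = [lim.attempt("198.51.100.7", False, now=t) for t in range(6)]
    owner = [lim.attempt("203.0.113.9", False, now=t) for t in range(8)]
    owner.append(lim.attempt("203.0.113.9", True, now=8))
    return bot, owner
```

The bot's sixth attempt comes back as "locked" while the owner, after eight wrong guesses, still gets in with the right password.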

  4. Keeping Things Updated All the Time

It goes without saying, but I will say it anyway: the software for your WordPress site needs to be constantly updated. These updates are vital because they come with bug patches and everything nice; these are the ingredients used to create Power-Puff WordPress. If you decide to leave yours on an older version, then you leave yourself open to attack! Plugins need to be updated, too. It behooves you to update the moment new versions come out, but I recommend you wait a few days, just in case there are some “unforeseen events” with the new version, and then go on and update.

  5. Erase Unused Plugins and Themes

If you are not using something from your WordPress dashboard and control panel, it’s probably best you delete it, because it just takes up space and functions as a door through which your site can be broken into. There are people who hoard plugins, as if the world isn’t strange enough! This applies to themes, too: just delete old themes, because they are not serving you and may contain bugs that offer an avenue for hacking.

  6. Disable the Ability for Others to Register for your Site

WordPress does allow you to let people register for your site, but unless you have a multi-user site or really need a ton of people to register (members-only sites, for instance), registration shouldn’t be open to any Tom, Dick and Harry, not to mention Mary, Jane and Sally. To check, go to your dashboard, look on the left side for “Settings” and then “General”, where you’ll see a box that says “Anyone can register”; uncheck it if you want to.

  7. Back up Your Site

Back up your site regularly, because when you get hacked the easy remedy is to revert your site to the last known healthy version. You might lose your data if you don’t have a recent copy of your site saved somewhere, and that could be catastrophic!

  8. Acquire Google Webmaster Tools

These are a free set of well-structured tools that give you high-level and pedantic information on your site and its health. God forbid that you are ever hacked, but if you are, you’ll need this tool to get a clean report from Google; otherwise you get stuck with what I call the Grim-Reaper screen, the warning that appears when someone tries to access your site. The majority of people shudder at this and usually click “back”! Webmaster Tools alerts you at the onset of the aforesaid screen, and it means you have to clean up the site and then request that Google re-scan it and give you the thumbs-up for a clean bill of health.

  9. Stay Away From Free Themes

When WordPress is installed, it comes pre-packed with four themes that are all fine. However, here’s the clincher: if you go strolling around cyberspace for a free theme, then caveat utilitor. Free themes can have bad code in them, and upon my word you do get what you paid for, which is nothing! A lot of the premium themes range from $20-$200, which is reasonable. You could try Themeforest, where you can get one for less than fifty dollars.

  10. Alter File Privileges

You obviously know that the WordPress files on your server have certain permissions that dictate who has the capability to make changes. Weakly assigned privileges can make it possible for someone to wreak havoc on your files and plant malicious code. Directories (folders) have a recommended 755 permission, while individual files should have a 644 designation. Now that’s a lot of mumbo jumbo, so go talk to your site’s host to help you check whether your permissions are up to par.
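If you would rather see for yourself what the host would check, here is an added Python check (not part of the original post, and not a WordPress tool) that walks an install and lists every folder that is not 755 and every regular file that is not 644. It assumes a POSIX host, and the mini site it builds in a temp directory is constructed purely for the demo.

```python
import os
import shutil
import stat
import tempfile

DIR_MODE = 0o755   # recommended for WordPress directories
FILE_MODE = 0o644  # recommended for WordPress files

def find_bad_permissions(root):
    """Walk a WordPress install and return (path, mode) for every directory
    that is not 755 and every regular file that is not 644.
    Assumes a POSIX filesystem; symlinks are skipped because their own mode
    bits are meaningless and following them could wander out of the tree."""
    bad = []
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if mode != DIR_MODE:
            bad.append((dirpath, oct(mode)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode != FILE_MODE:
                bad.append((path, oct(mode)))
    return bad

def demo():
    """Build a constructed mini site in a temp dir with two deliberate mistakes
    (a world-writable uploads folder and a world-writable file) and return
    what the check reports, as paths relative to the site root."""
    root = tempfile.mkdtemp()
    try:
        uploads = os.path.join(root, "wp-content", "uploads")
        os.makedirs(uploads)
        for d in (root, os.path.join(root, "wp-content"), uploads):
            os.chmod(d, DIR_MODE)
        for rel, mode in (("index.php", FILE_MODE), ("notes.php", 0o666),
                          ("wp-content/uploads/avatar.png", FILE_MODE)):
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        os.chmod(uploads, 0o777)  # the classic "just make uploads work" mistake
        return sorted((os.path.relpath(p, root), m)
                      for p, m in find_bad_permissions(root))
    finally:
        shutil.rmtree(root)
```

Run `find_bad_permissions` on your real site root instead of the demo tree to get the same report for your own install.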

What can I say, gird up your site O you WordPress user!

Stefan Wolf