WordPress is one of the easiest ways to create an attractive, professional-looking website in a matter of hours, even if you have no previous website building experience. It is packed full of free features such as templates, plugins (mini-programs), and widgets, which are building blocks that can create an exciting website for your visitors.
Unfortunately, this has led cyber-criminals to target WordPress websites in order to steal them from their rightful owners and start making money from them instead. Generally, this works along the lines of a group of hackers locating a vulnerability and then searching Google to find other websites that have the same vulnerability.
As a result, WordPress has become much more security conscious. However, it still pays to be vigilant yourself in order to protect what is essentially your valuable property.
Fortunately, there are a number of ways to make your WordPress based site or blog more secure.
NEVER give anyone administrative privileges unless you are absolutely sure they are 100% trustworthy. Anyone with admin level privileges can lock you out of the site completely and steal it.
Don’t Use “Admin” as Your User Name
The default user name when you are first setting up WordPress is “Admin”. Change it to something else hackers and their robots won’t be able to guess. Do note that it will be visible if you write any content for the site, but you can set your name and the way you wish it to appear in your personal profile area if you wish to slow down thieves even more. So for example, your user name would be websiteadmin but your name would show as John, John Smith, or J Smith depending on what you set in your profile.
Be Password Savvy
Use the auto-generated password feature in your profile area to generate long, random passwords. Keep your password in a safe place, and change it regularly.
The Settings -> General tab has a checkbox that determines whether or not you will allow users to join your site. This is an important decision, because allowing people to (for example) post comments at your site via their subscriber account could give them the chance to introduce malicious code to the website, which could damage it or help them steal it.
Allowing Contributors, Authors and Editors
The same issue applies here as it does to subscribers. However, it is important to note the hierarchy of user-ship. Subscriber is the lowest and admin the highest, with full privileges. Editor can do everything an admin can except change the basic structure of the site, so if you are worried about malicious actions, don’t set permission any higher than contributor if you want to allow people to post on your site but want to minimize security risks.
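The account advice above (few trusted admins, no "admin" login, nobody above contributor unless you mean it) can be checked against a user export. This is an added example, not part of the original article: it assumes a CSV with the header user_login,roles, such as WP-CLI's `wp user list --fields=user_login,roles --format=csv` produces, and the function names and sample users are constructed for illustration.

```shell
#!/bin/sh
# Audit a WordPress user export against the account advice in this article.
# Assumed input: CSV "user_login,roles"; several roles for one user are
# assumed to arrive comma-joined inside double quotes.

# audit_users "space-separated logins you trust as admins" < users.csv
audit_users() {
  awk -F, -v trusted="$1" '
    BEGIN {
      # Built-in roles, lowest to highest privilege.
      rank["subscriber"] = 1; rank["contributor"] = 2; rank["author"] = 3
      rank["editor"] = 4; rank["administrator"] = 5
      n = split(trusted, t, " ")
      for (i = 1; i <= n; i++) ok[t[i]] = 1
    }
    NR == 1 { next }                 # skip the header row
    {
      gsub(/"/, "")                  # drop CSV quotes; awk re-splits the fields
      login = $1; top = 0; name = "none"
      for (i = 2; i <= NF; i++)      # keep the highest role the user holds
        if (rank[$i] > top) { top = rank[$i]; name = $i }
      if (tolower(login) == "admin")
        print "DEFAULT_LOGIN " login
      if (top == 5 && !(login in ok))
        print "UNEXPECTED_ADMIN " login
      else if (top > 2 && top < 5)
        print "ABOVE_CONTRIBUTOR " login " " name
    }'
}

# Constructed sample export (not real accounts).
sample_users() {
  cat <<'EOF'
user_login,roles
siteowner,administrator
admin,administrator
jane,editor
bob,author
guest1,contributor
reader,subscriber
multi,"editor,subscriber"
EOF
}

sample_users | audit_users "siteowner"
```

Each output line is a finding to review by hand; an empty result means every account matches the rules above.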
Get an SSL (Secure Sockets Layer) certificate from your hosting service. You may have to pay for it if it is not already free with your website, but it is an important layer of security for any site – especially if you are selling products from yours. In addition, it is important to note that Google is no longer recognizing sites that don’t have an SSL certificate. Once you do have SSL, it will change the http:// at the front of your website address to https:// and show a little padlock icon next to your URL.
Use the Wordfence plugin to get notified via email of any security issues with your site. Use the Google Authenticator – Two Factor Authentication plugin so people are not just entering their user name and password, but another factor as well, such as an image or a Captcha code. iThemes Security is another handy security plugin which offers more than 30 ways to protect your site.
Wordfence – https://wordpress.org/plugins/wordfence/
Google Authenticator – https://wordpress.org/plugins/google-authenticator/
iThemes Security – https://wordpress.org/plugins/search/ithemes/
Change Your Login Page
Change your login page using the rename-login plugin so hackers can’t try to break into your site using that URL.
Back it Up
No matter how well protected your website is, if someone is determined and has the resources, they will eventually gain access to it. Just look at how many government websites are hacked. It’s therefore essential that you regularly back up your website, which gives you the option of restoring it in minutes should it ever get hacked.
Use these tips and tricks to help you keep your site safe.