WordPress is one of the most popular and accessible CMS applications on the market, used by first-time bloggers, web developers, large corporations and media outlets alike. With more than 60 million devotees worldwide, WordPress is in fact the most widely used content management system (CMS) today.
Unfortunately, this popularity also attracts the attention of hackers who exploit any small vulnerability.
Don’t let all the hard work you’ve put into your blog go to waste. Review these 10 WordPress security tips – and then take a few minutes to secure your website.
- Change the ‘admin’ login. When you install WordPress, the default username is always ‘admin.’ Don’t make it easy for intrusive hackers to get in – change it!
- Use strong passwords everywhere. This means a combination of upper and lower case letters, numbers, and symbols. No words or dates! This goes for all passwords, including your cPanel/FTP password and WordPress admin password. Use a different password for each of them and remember to change them frequently.
- Use the latest version of WordPress. WordPress regularly issues updates designed to address known security concerns and vulnerabilities. Install updates right away – not only will this increase your site’s security, but it will also help your blog run more smoothly. Update directly from your dashboard or from WordPress, never from a third-party provider.
- Mind your plugins. Always do your due diligence before downloading a plugin. Research the plugin itself and only download from a trusted source. Keep your plugins up to date at all times.
- Delete any plugins or themes you’re not using. You may have downloaded plugins or themes to try out, but decided not to use them. Simply deactivating them is not enough – delete them to ensure any weaknesses cannot be exploited. Review and delete your themes or plugins by going to Appearance > Themes or Plugins > Installed Plugins.
- Install the ‘Limit Login Attempts’ plugin. This blocks an IP address from accessing your account after a number of failed login attempts, which shuts down brute-force attacks. You can download this plugin directly from WordPress: http://wordpress.org/extend/plugins/limit-login-attempts/
- Install the WP Security Scan plugin. This is another must-have plugin; it scans your WordPress for security issues and, best of all, offers a solution for any vulnerabilities it finds. Download it from WordPress here: http://wordpress.org/extend/plugins/wp-security-scan/
- Use .htaccess files to protect the ‘wp-admin’ and other directories. The .htaccess files are available in your hosting folder; you may also upload a blank index.html file to the folder to achieve the same result. Read more about .htaccess here: /knowledgebase/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=220
- Install and activate anti-virus and anti-spyware software on your computer. Don’t forget the updates!
- Back up your files regularly. Do planned manual backups at least once a week or – even better – take advantage of HostPapa Automated Website Backup. /knowledgebase/index.php?_m=knowledgebase&_a=view&parentcategoryid=225&pcid=0&nav=0
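
For the .htaccess tip above, here is an added example (not HostPapa's own configuration) showing what two such files can contain. It assumes Apache 2.4 with .htaccess overrides enabled on your hosting account; 203.0.113.10 is a placeholder for your own IP address, and the uploads folder is picked as one of the "other directories".

```apache
# ---- File 1: wp-admin/.htaccess ----
# Only the listed address may reach the dashboard.
# 203.0.113.10 is a placeholder; replace it with your own static IP.
Require ip 203.0.113.10

# Themes and plugins call admin-ajax.php from the public side of the site,
# so keep that one file reachable for all visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: wp-content/uploads/.htaccess ----
# Turn off directory listings. This is the effect a blank index.html has.
Options -Indexes

# Uploaded media never needs to run as PHP, so refuse requests for .php files here.
<FilesMatch "\.php$">
    Require all denied
</FilesMatch>
```

Save each part as its own .htaccess file in the folder named in the comment, then confirm you can still log in from your own connection before closing your FTP or cPanel session.
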
These tips will help you enjoy your website experience long into the future. A little time spent tightening your website security now might just save you a lot of time and frustration later.