Does your website run the content management system (CMS) WordPress?
According to a study conducted by EnableSecurity, 73% of the top 40,000 WordPress websites are susceptible to hacking. Numbers such as these may sound discouraging, but securing a WordPress site is actually a relatively easy process that we’re going to discuss in greater detail today.
Use a Strong Password
Your first line of defense against hackers is a strong password. Setting your WordPress password as “facebook123” is just asking for trouble. Hackers often use “brute force” attacks to crack these basic, easy-to-remember passwords.
Here are some rules to follow when creating a WordPress password:
- Create a unique password; don’t use a password from another service or online account.
- Use a combination of upper-case letters, lower-case letters, numbers, and special characters.
- Never store your WordPress password in plain text format.
- Use a minimum of eight characters when creating a WordPress password.
Updates
Try to get into the habit of updating WordPress to the latest version as soon as it’s released. Websites running outdated versions of the CMS are vulnerable to cyber attacks, simply because they contain potential exploits. Developers actually introduced automatic updates in version 3.7; however, these only affect minor releases. When a major update is released, you’ll have to log into your website to perform the update manually. I recommend checking at least once a week (if not more) to see if a new version of WordPress is available.
Username
One of the most common cybser-security mistakes made with WordPress is using “admin” as the username. This may seem harmless enough, especially when you consider that a significant portion of WordPress webmasters have this username, but it’s serious security risk that must be addressed. If a hacker already knows the username for your site’s login (e.g. admin), he or she will only need to crack your password.
When you initially install WordPress on your server, you’ll have the option of choosing a username. If you’ve already installed WordPress (which I’m assuming you have), you’ll have to add a new user by choosing Users > Add New > give that user admin privileges, and then delete the old admin user.
Note: be sure to change the display name so it’s different from your actual username.
These are just a few simple steps that you can take to secure your WordPress from hackers. There are also plenty of plugins that can further strengthen your site’s security, so feel free to browse around the plugin directory.
