Extra steps to secure your Wordpress site
While there is no way to 100% protect against hacking, there are some steps that you can take to help prevent your site from intrusions.
Stop using the "admin" username:
A lot of malicious scripts try to break in by making login attempts using the "admin" username, including uppercase and lowercase letters. We always suggest creating a username that is unique.
Also, when giving someone temporary access to your WP Dashboard, it is best to make a separate admin login. You can go to "users" and "add new" and setup a new admin user/pass. Just make sure to check the box for giving the user admin privileges.
Use strong passwords:
A strong password may not be the easiest to remember, but it will help prevent you from getting hacked through the login form.
For a very strong password, you would want to use as many of the following as possible:
- At least one or more upper case letters (as well as lower case letters)
- At least one or more numbers
- At least one special charactor such as !@#$%^&* or others
- The longer the password the better.
Keep WordPress, Themes, & Plugins up to date:
A lot of themes, and plugins are updated with security patches on a regular basis (along with all the other cool updates they do). So when you see an update available, do what you can to update it.
Our Helpdesk sees sites on a daily basis that have older WordPress installations, themes, and plugins that have not been updated in months. This is cause for concern because not updating your site can cause problems beyond hacking.
Install and use Security Plugins:
There are many plugins that will help you maintain a secure WordPress installation. One of these would be "Limit Login Attempts" which helps with any brute force attack on the login form.
Other good security plugins include WordFence, Better WP Security, and many others.
Always keep a workable backup:
If you are not backing up your sites you should be. You have put many hours, and invested lots of money to build your sites. There are several ways to do this. You should also consider saving your backup files to a cloud hosted solution such as DropBox, or even Amazon S3.
- Manually backup the database and WordPress files either through cPanel or other means as needed.
- Install a plugin like "BackWPup"
- You can use sites like managewp.com or infinitewp.com to help manage all of our WordPress sites and perform automatic backups to DropBox, or Amazon S3.
- Perform Daily database backups and at least weekly file backups.
While these tips will help you maintain a secure website, we can not guarantee that using only these methods will work 100% of the time. Site maintenance and security should be a top priority at all times if you want to keep your site in working order.
WordPress.org also an article about securing your sites as well (opens in new window).