If you need an easy-to-use website to grow your business or your brand, you’ll be hard-pressed to find a better option than WordPress. While WordPress is our go-to platform for building basic small business websites, its popularity and ease of use also make it a frequent target for hackers.
We thought some general tips on how to keep your WordPress-powered website protected would be most helpful. Taking the following, relatively simple, steps will go a long way in helping to protect your site from potential threats.
- Always keep up with WordPress updates, including plugins and widgets. If you aren’t running the very latest version of WordPress, then you are likely running a version with multiple known vulnerabilities – bugs that hackers can use to gain a foothold on your system. WordPress does a great job at fixing security vulnerabilities with each new software update, so it’s important that your site keep up with them. You should do the same with any plugin or widget you install on your site.
- Don’t use the default “admin” username. In fact, delete the admin username after you create a new one with admin privileges. The “admin” username is created when you first install your WordPress app. Hackers commonly target this default username because most people don’t bother to change it. This is a good security measure to help protect against the recent global WordPress wp-login.php brute force attack.
- Use complex passwords. Many attacks are dictionary-based, which basically means that if you use a simple word as your password, it will eventually be bypassed through process of elimination. Using complex passwords can make such attacks much more difficult. At minimum, your password should be 8-10 characters long, using a combination of numbers, letters, and special characters (e.g. #, @, %).
- Consider changing the file structure. Attackers purposely look for website directories with “wp” in their names (e.g. “wp-admin”). If you’re not a webmaster or web developer, this step may require some help, but it’s certainly worth the effort. Hackers specifically target WordPress sites by scanning the web for the telltale “wp” in URLs. By removing this common directory naming convention, you could likely avoid being a target altogether.
- Add a plugin or security shield that prevents too many login attempts. You may be familiar with an online account (such as your bank) that will block you from logging in after too many failed attempts. This security measure prevents brute-force attacks, which often involve many (sometimes hundreds or thousands of) login attempts until a password is guessed correctly. You can add a similar feature to your WordPress site with a number of plugins.
While the above steps can go a long way to help protect your WordPress site, new attacks surface just about every day. It is important that you stay diligent, and implement future security steps as you see fit.