WordPress is the most flexible blogging platform. In five minutes, you can be up and running with zero coding knowledge. There is a wide variety of pre-built themes and plugins to choose from, and you can easily customize your site.
However, when a site gets hacked, we blame only WordPress. But the fault lies with us. It’s an ongoing responsibility of every WordPress user to secure their WordPress site.
You can easily secure your WordPress blog from brute force attacks and plugin vulnerabilities with some simple settings. Treat your site security as a high-priority item.
Change WordPress Default User Name
For an attacker, knowing your username is half the battle; now all they have to guess is your password.
Since WordPress 3.0, you can pick a custom username on installation. So when you install WordPress, don’t use the default username ‘admin’.
There’s a botnet going around WordPress sites and trying to log in with the “admin” username and a bunch of common passwords. If you are using the default admin password, then change it.
See the failed login attempts to my site. They all try the default username ‘admin’, sitesprint, www.sitesprint.com, etc.
So it is very important to choose a username that is hard to guess. Always disable unused user accounts and limit permissions on new user accounts to ensure more security.
Use a Complex Password
Use a complex password for your site. Use a combination of uppercase and lowercase letters, digits and special characters. If you are using WordPress.com, enable two-step authentication.
You can use KeePass, a free open-source tool, to generate more complex passwords for your site.
Keep Your WordPress Updated
Update, update, update. The majority of WordPress sites get hacked because WordPress is out of date. It’s so important to update your software to avoid being hacked.
New versions are released to introduce brand new features, fix bugs or patch security holes. So don’t ignore these updates. When you get the notification in the admin panel for the latest version, update it.
Update All the Plugins
Always update your plugins. Most security issues are related to plugin vulnerabilities. So install only the most trusted plugins, which are updated frequently and give better support.
Remove all unwanted and inactive plugins from your site.
Update Your Theme
Update your theme promptly when the vendor releases new versions. Purchase your theme from a known vendor.
When I purchase a theme, the first thing I check is who created the theme. Second, are they a known member of the community with an established reputation?
Don’t download free versions of premium themes from unknown sites. Sometimes these themes may be infected by malware that destroys all your sites.
Remove all unused themes from your site.
Back Up Your Site Regularly
Regular backups will save all your data when your site gets hacked. You can restore all your posts, comments and pages from the backup.
Limit the Number of Login Attempts
Limit the number of login attempts to your site to protect it from botnet attacks. You can use Limit Login Attempts or Better WP Security for this. If someone is trying to guess your password, it will stop them from doing so.
Better WP Security is an all-in-one security plugin which scans, secures and recovers your WordPress site.
If you are looking for more advanced security, try Sucuri.net. This is the best malware scanning and clean-up service on the web. You can choose an optimum plan for your site.
Choose the Right Webhost
Quality web hosting is a must for any kind of website. You are spending around $4-$10 monthly on your web host, so you deserve better support.
Go with a hosting company that has experience in serving sites on WordPress. I am extremely happy with HostGator for their timely support and quick fixes.
No matter what kind of site you are running, stay vigilant and keep updated!