WordPress is one of the most popular free and open source CMSs out there. It makes the process of building sites extremely easy. Because WordPress is so popular, it has a large number of plugins and themes available.
But popularity also means that it gets the unwanted attention of hackers. If you are running a WordPress web site, you should follow these simple rules to keep your site safe:
1. Keep everything updated.
WordPress is a little infamous for being vulnerable and insecure. The truth is that it only becomes so if the WordPress install files, themes and plugins are not updated. Hackers then look for vulnerabilities in the outdated files.
2. Don’t keep the username as ‘admin’.
The ‘admin’ username is created when WordPress is installed on your site; it is the default username for WordPress. If you do not change it, you make the hacker’s work easy by handing over the username, leaving only the password to be guessed to gain access. This step is also a good security measure against the WordPress wp-login.php brute force attack.
3. Keep a strong Password.
One of the biggest mistakes when choosing a password is to use a real word or name in any language. The first thing a hacker does is run a script that tries every word present in Wikipedia as your password. The best practice is to generate a password using one of the many available password generators.
4. Choose the right Web Host.
Look for a web host which provides server-side malware scanning and cleanup. One of the biggest risks related to hosting is being on ‘Shared Hosting’. Look at it this way: the risk for your site on shared hosting is the risk involved with your WordPress installation multiplied by the number of WordPress installs on the whole server. So if you still use shared hosting, make sure your site is on a server with as few sites as possible.
5. Monitor and clean up Malware.
If you follow all the steps mentioned here and your site still gets infected with malware (which might very well happen), it is important that you keep scanning the server regularly for malware and, when you find any, handle it swiftly. Some hosts even provide daily malware scanning and cleanup support, and it is always advisable to use such a host. You could also use plugins like Sucuri to monitor your site.
6. Delete unused Themes/Plugins.
Keep your WordPress install as clean as possible. Delete all the unused plugins and themes present on your site. Any one of these could lead to a potential security breach and allow malware to enter the site.
7. Limit the number of login attempts.
One of the most common threats to any site is a brute force attack. This attack basically tries every combination of username and password to try to log in to your admin account. You can keep your site safe from such attacks by simply installing any one of the many plugins which limit the number of login attempts made from a single source.
The best thing to do is to take your website’s security very seriously and always stay vigilant.
Have any other security tips that you would like to share? Feel free to drop them in the comment box below.