WordPress is the most developer-friendly content management system out there. The software lets you create beautiful designs, offers powerful features, and gives you the freedom to build anything you want. Millions of websites are powered by WordPress software. Unfortunately, that has some downsides as well.
Your First Line of Defense – your login page!
To start, change your default configuration. Hackers, and some pesky users with too much curiosity, immediately know where to log in to get into your admin area. In WordPress, you can just type in domain.com/wp-admin, and it will take you right to the login screen. Once there, it’s all about trying to crack your password, and the most common method hackers use is brute force, which allows them to test millions of login combinations in a short amount of time. The very first line of defense is to change your login page to something other than wp-admin. Next, ensure the username is unique; don’t use the typical “admin” username. You will protect your website immediately once you ensure your username is unique. Delete the Sample Page; it lets hackers know you have just set up WordPress and likely have not updated your username and login page.
If you have already installed your website and you chose “admin” as your username, don’t worry about it. There’s still a way to change it. Go to the Users section in the WordPress admin area. The fastest way is to register another user and then give that user admin permission. Then you can log in with that new admin username and proceed to delete the old “admin” user. You will need to use a different email than the one assigned to the admin username if using this method.
If you have many posts and pages assigned to your user and don’t want to re-assign them, you can change your username through phpMyAdmin. First, log in to your cPanel and go into phpMyAdmin. Select your WordPress database and open the wp_users table. Click Edit next to your “admin” user, and change the user_login field to whatever you want it to be.
Back Up Your Website
There are different preventive measures you can take to minimize the risk of getting your website hacked. Back up your site daily and weekly. My practice is daily, weekly and monthly. I am an active user on my site, with blog updates and client downloads. Obviously, it depends on how often your website gets updated, but I would suggest at least a weekly backup. There are many WordPress plugins that can help you with that, but my favorite is BackupBuddy.
Limit Login Attempts
There is a great WordPress plugin called Limit Login Attempts that enables you to limit the number of failed login attempts and even ban an IP for a specified number of hours. Remember how I mentioned brute-force attacks and trying millions of different login combinations? Well, with this plugin, brute-force attacks would be much harder to pull off.
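The lockout behaviour described above, modelled in Python as an added example. It is not the Limit Login Attempts plugin's code; the class name, the thresholds (4 failures in 20 minutes, a 24-hour ban) and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class LoginLimiter:
    """Count failed logins per IP; ban the IP once it fails too often."""

    def __init__(self, max_failures=4, window_minutes=20, lockout_hours=24):
        # All three defaults are assumed values for this example.
        self.max_failures = max_failures
        self.window = timedelta(minutes=window_minutes)
        self.lockout = timedelta(hours=lockout_hours)
        self.failures = defaultdict(deque)   # ip -> times of recent failures
        self.banned_until = {}               # ip -> time the ban ends

    def is_banned(self, ip, now):
        until = self.banned_until.get(ip)
        if until is not None and now < until:
            return True
        self.banned_until.pop(ip, None)      # ban expired or never set
        return False

    def attempt(self, ip, password_ok, now):
        """Return 'banned', 'ok' or 'failed' for one login attempt."""
        if self.is_banned(ip, now):
            return "banned"                  # refused before the password is checked
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.lockout
            recent.clear()
        return "failed"

def replay(events, **settings):
    """Feed constructed (ip, password_ok, minute) events to a new limiter."""
    limiter = LoginLimiter(**settings)
    start = datetime(2024, 1, 1, 9, 0)
    return [limiter.attempt(ip, ok, start + timedelta(minutes=m))
            for ip, ok, m in events]

# Constructed sample: one address guessing passwords, one user with a typo.
GUESSER, USER = "203.0.113.7", "198.51.100.2"
SAMPLE = [(GUESSER, False, 0), (GUESSER, False, 1), (USER, False, 1),
          (GUESSER, False, 2), (GUESSER, False, 3), (GUESSER, True, 4),
          (USER, True, 5), (GUESSER, True, 3 + 24 * 60)]
print(replay(SAMPLE))
```

Once the guessing address is banned, even a correct password is refused until the ban runs out, while the user who mistyped once logs in normally.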
Set Strong Passwords
I know most people probably think, “Oh, why would a hacker hack my website!?!”, but those are the types of people most likely to be the victims of hacking. Hackers are simply interested in the thrill of hacking and adding malicious code. I have WordPress website owners contact me regularly, requesting help. Create strong passwords for all users of your site. Don’t allow users to create anything but a strong password. Avoid anything that has to do with your name, website name, or other publicly available information about you. And always choose complex password combinations.
So you’re probably thinking, how am I supposed to remember those passwords that are considered good? I suggest using a password keeper app such as Dashlane or KeePass. Yes, you could be susceptible if Dashlane/KeePass gets hacked; however, chances of that happening are slim, since that is their business model. All password keepers keep all data heavily encrypted, so even if one gets hacked, your passwords should still be pretty safe.
These are just a few ideas to help you get started securing your site. Consult with an expert WordPress security company to learn more defense techniques. Your website is likely your gateway to your business. Having your site available 24/7 should be top of mind. Once you have these and other security methods in play, you can focus on your business and get down to business.