WordPress is undeniably one of the most used open source CMS worldwide. It’s a great blogging tool that offers a whole bunch of benefits to its customers. With this CMS (saying nothing of the thousands of WP plugins and other add-ons available on the net for free) you can create an exceptional website to fulfill your business/personal needs. However, publishing a website is only half the battle. Another half is its maintenance and protection. It’s sad to admit, but many WP users overlook simple security measures and fall victim to cyber criminals.
In this post I’m going to show how you can protect your website by taking simple actions that don’t require too much time and effort. So, once you’ve decided to secure a website, your first steps will be as follows:
1.Protect your admin access. Create a new administrator account and delete the old user name. Hackers can use your old user names (especially if they match with your real name you publish on your website) to get access to your admin panel.
2. Protect your password. You’re are solely responsible for this point. Create a strong pass containing numbers, small and capital letters, spaces and other rarely used special characters. Suggestion: create different passwords for different services; never share your access data.
3. Update your website on a regular basis. Although most modern tools don’t need any user intervention and update automatically, there are still many things in your WP CMS requiring your attention. Keep your admin panel neat and clear: delete inactive plugins, old themes, etc.
4. Investigate failed login attempts. When you get a notification about failed login attempts, you should never ignore them. In case you observe a suspicious activity from the same IP address within a short period of time someone may be trying to hack your website. Lock out suspicious IP addresses.
5. Back up your data. In fact, your hosting provider must be responsible for this – in case the company you use doesn’t offer this function, you’d better consider changing your hosting provider.
6. Secure your PC. Under these I mean selecting a highly protected web browser and installing security software. You may either use light versions of antivirus software to ensure your computer is free from malware and spyware, or you may opt for a specialized service (like vistnet.com, for example) protecting you from DDos attacks (in case you suspect someone’s trying to hack you).
7. Use encrypted login plugin. There’s a variety of password encryption plugins – by activating one of them you hide your password with a random number (nonce), while your username stays unencrypted.
8. Avoid access from public Wi-Fi. Public wireless networks are very popular among hackers using automated password-harvesting software. Try to avoid accessing your WordPress admin panel using public Wi-Fi.
9. Restrict file permission. In case there is a need of providing access to third parties, do this wisely. Don’t let others mess up your settings.
10. Choose the right hosting provider. This is probably the most useful tip. Because the security of your website is closely tied with the quality of service you use. When selecting a hosting plan, don’t hesitate to ask your webhost about their security precautions.
Aleksey is an experienced webmaster who specializes in website security. He enjoys reviewing the most popular web security services. He always recommends using simple security precautions, and in urgent cases – addressing the fastest emergency protection web services, like http://www.vistnet.com/ (they even offer free setup for those who are attacked).