Is your WordPress website safe from the threats of the internet? Have you implemented the necessary security measures to ensure that your site remains online, even in the face of a cyber-attack? If the answer is “no” or “I’m not sure,” then keep reading.
Despite the internet being littered with posts about WordPress security, I wanted to write something too, especially as I know many of you use WordPress to power your own websites. After all, brute force attacks come without warning and I highly recommend being suitably prepared.
There are some important steps you should ALWAYS take when using WordPress, which will reduce the likelihood of brute force attacks. So if you don’t plan on installing a plugin or locking down your directories, you should be doing the following at the very least:
- DO NOT use ‘admin’ as your username – if you have an admin username, then create a new administrator user and delete the ‘admin’ one. Most bots will try to get into your website by using ‘admin’ as the username. Other usernames that have cropped up for me have been ‘test’, ‘writersblockadminservices’ and ‘user’. Don’t choose something obvious to outsiders; use something obscure.
- Use a VERY STRONG password – you can generate difficult passwords from various places. I use LastPass on a daily basis and you can even choose the length. My WP passwords are around 15/20 characters in length.
- Keep WordPress, Themes and Plugins all updated – when new updates come out it’s a good idea to install them. By not updating them, you leave yourself vulnerable and run the risk of potentially being hacked. As I work with many client sites and my own, I use ManageWP to keep my websites all updated at the click of a button. As a result, I have never had any problems with updates on any of the websites I manage. The longer you leave updates ‘unupdated’ (is that even a word?) the more problems you will encounter when you finally do decide to install them – I speak from experience of a client site crashing because it hadn’t been updated in so long.
- Remove deactivated plugins and themes – if you’re not using (or you don’t plan to use) deactivated plugins and themes, then delete them. Keep your WordPress website organised and updated and you shouldn’t encounter too many problems.
- Delete spam on a regular basis – if you get a lot of spam comments, then try to keep them under control. You can get some great spam plugins (I use Akismet) that will do this for you – there really is no excuse. If you have a buildup of spam, delete it; all of these elements lend themselves to an unstable WordPress website.
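
The checklist above can be checked from the command line. The script below is an added example, not part of the original post: it assumes WP-CLI (`wp`) is installed for the live audit, and the output labels (`RISKY_LOGIN`, `UNUSED_plugin`, and so on) are this example's own.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress site against the checklist above with WP-CLI.
# The parsers read WP-CLI output on stdin, so they also work on saved output.

# Usernames the post reports seeing in brute force attempts.
RISKY_LOGINS="admin test user writersblockadminservices"

# stdin: one login per line (wp user list --field=user_login)
flag_risky_logins() {
  while IFS= read -r login; do
    lower=$(printf '%s' "$login" | tr '[:upper:]' '[:lower:]')
    for bad in $RISKY_LOGINS; do
      if [ "$lower" = "$bad" ]; then echo "RISKY_LOGIN $login"; fi
    done
  done
  return 0
}

# stdin: CSV with header name,status,update; $1 is "plugin" or "theme"
audit_extensions() {
  kind=$1
  while IFS=, read -r name status update; do
    if [ "$name" = "name" ]; then continue; fi            # skip CSV header
    if [ "$status" = "inactive" ]; then echo "UNUSED_$kind $name"; fi
    if [ "$update" = "available" ]; then echo "OUTDATED_$kind $name"; fi
  done
  return 0
}

# Live audit: run from the WordPress root with WP-CLI on PATH.
run_audit() {
  wp user list --field=user_login | flag_risky_logins
  wp plugin list --fields=name,status,update --format=csv | audit_extensions plugin
  wp theme list --fields=name,status,update --format=csv | audit_extensions theme
  wp core check-update
  echo "SPAM_COMMENTS $(wp comment list --status=spam --format=count)"
}

# Offline demo on constructed sample data (not from a real site).
demo() {
  printf 'admin\njane_editor\n' | flag_risky_logins
  printf 'name,status,update\nakismet,active,available\nhello,inactive,none\n' |
    audit_extensions plugin
}

if [ "${1:-}" = "--live" ]; then run_audit; else demo; fi
```

Run it with `--live` from the WordPress root to audit a real install; without arguments it only processes the constructed sample data.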
Photo courtesy of Stiftelsen (CC Attribution)