02 Jun How To Protect Your WordPress Website From Hackers
With over 70 million WordPress websites throughout the world, WordPress has become a leader in website development software. This is partly due to its ease of use for creating websites and blogs that get noticed and the fact that its software is free and open source, meaning that the source code is publicly available and open to everyone.
However, being open source, free, and popular brings in a lot of malicious attention, which can bring about security issues that need to be addressed to keep your website safe and secure from hackers and their constant attempts to hack websites. With a little knowhow, you can protect your WordPress website from hackers.
Make Sure WordPress is Up-to-Date
Keeping your WordPress up-to-date is a good way to prevent security issues with your website. Make sure that you update WordPress each time a new update is made available. There are usually three major updates released during the year, but additional minor updates are made between major updates as security problems or bugs are found.
As of version 3.7, WordPress software can be updated automatically in the background. However, this is only for minor updates. Updates do not download automatically unless you configure your system to do so. A word of caution here:
DO NOT AUTOMATICALLY UPGRADE MAJOR TO WORDPRESS UPDATES!
This is a big no, no. While it sounds simple and extremely convenient, major upgrades to WordPress can cause your website to partially break or completely crash due to compatibility issues with plugins and themes. All major updates should be handled manually. A major update is when WordPress is updating from version 4.4 to 4.5. A minor update is when it is updating from version 4.4 to 4.4.2. The difference between these is that a major update adds new features to WordPress while minor updates are typically related to security and bug fixes.
Number of WordPress Attacks PER DAY
Reduce the Chance of a Successful Brute Force Attack
Be sure to not use the popular “admin” username on your website. This account is one of the most targeted during a hacking attempt, such as a dictionary or brute-force attack. One of the simplest and most effective tactics against such an attack is to pick a username specific to you and to create a strong password or passphrase that consists of at least 12 characters. The longer and stronger your password is, the harder it will be for a hacker to figure it out and access your accounts. The best practice for creating a strong password is to include a combination of:
- Upper and lowercase letters
- Special characters (Such as exclamation points and question marks)
If you are like most people and have too many passwords to keep track of, try using a password manager software program like Dashlane or Last Pass to help manage millions of passwords and help you generate extremely secure ones.
As added security to your personal account, you can disallow WordPress from showing usernames to anyone except administrators, but this is typically done through plugins or by editing the core files of WordPress, which is a last-resort option and should be done with caution.
Tighten Your Security
Take the advice of IT professionals and follow their best practices for securing their websites, including:
- Assign as few permissions as possible to users and restrict their access to files and the content directories.
- Remove inactive users from your system.
- Do not display directory listings
- Configure HTTPS/SSL for admin and user logins
- Only give admin privileges to those who need it
- Disable remote server and database access
- Disable the ability to log in to root accounts
- Enable access and error logging
Be sure to check your website on a regular basis to make sure it is working as it should. Websites that appear to be abandoned or out of date are attractive targets for hackers because they know something is not up-to-date. Be sure to update your public content, plugins, and themes whenever possible to make your presence known to potential hackers.
Be Careful with Plug-Ins and Themes
More than half of successful WordPress hacks can be attributed to security holes in plug-ins and themes that are activated on WordPress websites. Plugins that have been poorly coded or simply out of date could make your site vulnerable to hacker attacks. If your plugins have not been updated on a regular basis, they could become a threat to the security of your website and anything in it.
It is a good practice to only activate plugins that are essential to your website. Deactivate and remove those that you do not need. Make sure to keep your WordPress theme and plugins up-to-date and be wary of free WordPress themes and plugins from questionable sources. Only download plug-ins and themes from reputable sources such as the official WordPress plugin and theme repository. Otherwise, you may also be downloading malicious files to your computer or server than can open up a backdoor for hackers to infiltrate your systems and compromise your website and your computer.
Keep Informed about Latest Security Threats
It is important to keep informed about the latest WordPress security issues when they occur. This does not mean you have to be constantly searching the web looking for latest news on hacking attacks. There are various types of plugins that you can install and security blogs that you can follow that help to keep you informed about any security threats taking place on your website and other WordPress installations. Be sure to take advantage of these services as they can keep you informed on how to protect your website from the latest hacking attacks.