We’ve seen many website owners complaining about the security of WordPress.
The opinion is that an open source script is vulnerable to all sorts of attacks. That is mostly not true, but even then you shouldn’t blame WordPress.
Because it’s usually your fault that your site got hacked. There are some responsibilities that you have to take care of as a website owner.
So the key question is always: what are you doing to save your site from being hacked?
Here are 5 ways to secure your WordPress site:
1. Don’t use default admin as your username:
Try to avoid common usernames such as administrator, your website’s name or your name.
- If you’ve already installed WordPress using “admin” as your username or something else very simple, you can change it by running an SQL query in phpMyAdmin.
- Random strings of letters and numbers are best. If you don’t feel like coming up with something manually, you can use a password generator to accomplish the task like Norton Password Generator or Strong Password Generator.
- For passwords, it’s important to choose a complex password made up of letters, numbers and symbols. Don’t choose a password that’s similar to your username, website name or a simple word with a few changes. Avoid dictionary words, and preferably use a random string of characters.
- A good password management tool will help you securely generate, store and use these complex passwords.
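The username change mentioned in the first bullet above, written out as an added example (not from the original post). It assumes MySQL/MariaDB, the default `wp_` table prefix and an existing login of `admin`; the replacement login, nicename and display name are constructed sample values.

```sql
-- Added example: rename a predictable WordPress login from phpMyAdmin.
-- Assumptions: default table prefix wp_, old login 'admin'.
-- 'k7r2m9xq4t', 'site-editor' and 'Site Editor' are constructed values.
-- Take a database backup before running any UPDATE.

-- 1. List accounts that still use a predictable login.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login IN ('admin', 'administrator', 'root', 'test');

-- 2. Make sure the new login is not already taken (must return 0).
--    The user_login column is indexed but not declared UNIQUE,
--    so the database will not stop a duplicate for you.
SELECT COUNT(*) AS clashes
FROM wp_users
WHERE user_login = 'k7r2m9xq4t';

-- 3. Rename the account. The password hash (user_pass) is untouched.
UPDATE wp_users
SET user_login = 'k7r2m9xq4t'
WHERE user_login = 'admin'
LIMIT 1;

-- 4. user_nicename is used in /author/<nicename>/ URLs and
--    display_name is shown on posts. Set both to values that
--    differ from the login so they do not give it away.
UPDATE wp_users
SET user_nicename = 'site-editor',
    display_name  = 'Site Editor'
WHERE user_login = 'k7r2m9xq4t';

-- 5. Verify the result: exactly one row, with the new values.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'k7r2m9xq4t';
```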
2. Use 2-Factor Authentication:
A really good way to prevent brute force attacks is to set up two-step authentication. This means a password is required plus an authorization code that is sent to your phone in order to log in to your site. It requires a user to log in with not just their username and password, but also a unique code that’s generated for one-time use and sent to a device (typically a smartphone) via SMS or an iOS/Android app.
3. Change the default login URL for WordPress:
Just as you update the WordPress Core regularly, you should also update plugins and themes. Each plugin and theme installed on your site is like a backdoor into your site’s admin. Unless properly secured (vetted thoroughly, updated regularly, etc.), plugins and themes are like an open door to your personal info.
4. Use a reCAPTCHA plugin:
reCAPTCHA forms, which ask the user to input what they see in an image as text, are a useful way to stop botnets from attempting to brute-force the login to your WordPress site. Botnets typically can’t automate this part of the login process, so it helps prevent them from accessing your site.
5. Back up your site:
I don’t just mean every once in a while. I mean predictably, on a schedule. Scheduled backups are an essential part of any site’s security strategy because they ensure that if your site is compromised, you’ll be able to restore it to a version prior to the damage with ease. Choose an automated solution like WordPress Backup to Dropbox for simple backups with built-in restore options.
Pro Tip: Buy hosting from a reliable source like us.