WordPress security

If you are using WordPress, you may not have had the misfortune of being hacked yet.  I say yet, as it’s likely that at some point someone will try and infiltrate your WordPress website maliciously.

There are some simple ways to help wordpress security and protect your website, here are just a few:

1) If you are using a simple user name, or worse still “admin”, then your password is the only form of security that your website has…. when you set up WordPress, the “admin” user is usually given full access rights, and hackers will know this.  So, choose a different user name and a strong password.

Create a user name that no-one could guess easily. Try to avoid using the name of the website, or URL… pick something like your initials, a number and odd letters = TYP12-09-007 and give this user full admin rights.  once done, delete the “admin” user.

2) Use a password that will be difficult to guess, try to avoid, pets names, your address or words in the dictionary.  Instead use an online password generator, such as https://lastpass.com/generatepassword.php to generate secure passwords. Lastpass https://lastpass.com/f?5085846 will also keep your passwords safe, give it a try.

Secondly, if your user name is advertised each time you publish a blog, this is giving the hacker information to the try and log in. If your theme, has the option to disable this, I would suggest you consider this option.  There are ways to disable this, but you are best to check with the WordPress help files first and always backup your website.

3) Update WordPress, plugins and themes.  Vulnerabilities can open your website up to hackers, and plugins and themes that remain out of date, can give these people an access point to your website.

By keeping your plugins to a minimum, and updating them, should help to avoid this type of issue.  Themes are continually updated and therefore it’s key to ensure you do too.  Always ensure you have a backup copy of your website in case any updates break your site.

And finally, WordPress is updated regularly to close these vulnerabilities, bugs and issues, so try to ensure you keep this up to date.

Always back up your wordpress website, before making any changes to users, passwords or settings and check any release notes for incompatibilities.