What does your to-do list include? I guess a bunch of contacts that you need to reply to via email, phone calls to return, meetings to show up for, more content to write and a whole bunch of other stuff.
But what if I told you that being hacked could destroy all of your work and force you to start over? Disastrous, right? If you have been working on your new website, that work would be gone forever!
This is exactly the scenario where WordPress security fits in. Add it to the top of your to-do list right now!
Lucky you, if you are a WordPress user. There are a few precautions you can take to make sure your site is as secure as possible. Below are 11 things you can do to secure your site:
1. Create Strong Passwords
This is one of the easiest steps you can take to make sure that your website is secure. Do not go by the excuse most people make about it taking too much time. Take it seriously. Each of your sites should have a different password.
- Every password should be at least 15 characters long. It is even better if your password does not contain a real word.
- You should use capital and lowercase letters, numbers and special characters such as a question mark.
- Your password is your first form of protection against hackers, so make sure you come up with a strong one.
Never write down your passwords. The only two places your passwords should be are in your head or within a password manager with a strong master password.
If you plan on using a password manager, LastPass or KeePass should do the job for you. LastPass offers a free version and a premium version for $12 a year, while KeePass is open-source and completely free. If you decide to use KeePass, make sure you keep a backup of the password database file in case the file becomes corrupted or your hard drive fails.
2. Always Keep Your Site Updated
Most WordPress users do not keep their sites up to date. WordPress does not release these updates to get media attention; rather, updates are released to fix bugs, patch security holes, and introduce new features.
What do you think is the answer to this question: “Will any solution always remain a step ahead of the hackers?” Definitely no, right? But when security holes are known and patches are available, you need to apply them to your site. There are no excuses for not keeping up with the updates.
Keep your plug-ins and themes up-to-date. Also, if you have a VPS or dedicated server, keep all of the things associated with the server up-to-date as well.
If managing all your websites feels like a hectic job, tools such as InfiniteWP and ManageWP let you manage and update all of your sites from within one dashboard.
3. Altering the WordPress Login Username
Change the username that is provided as the default admin user when you first set up your account.
Most attacks on your website are automated. They will try “admin”, “administrator”, “manager”, or your domain name as the username to get into your account. We therefore suggest using a random username, backed up by a strong password.
4. Protecting Against Brute Force Attacks
It is estimated that most sites have at least a few hundred unauthorized login attempts each day.
Not only can these attacks succeed in breaking into your blog, they can also take a heavy toll on your server resources. Guard against brute force attacks by making sure that you have taken the steps listed above. Install a plug-in like Limit Login Attempts, which locks out the attacker after a certain number of failed login attempts.
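To see how many failed logins your site really gets, and which addresses a lockout threshold would catch, you can count them in the web server's access log. This is an added example, not code from the original article or from the Limit Login Attempts plug-in; it assumes combined log format, that a failed login appears as a POST to /wp-login.php answered with status 200 (a successful one redirects with 302), and a threshold of 5 failures in 10 minutes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined-log-format fields we need: client IP, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2023:13:55:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 4312'
    for s in range(1, 7)
] + [
    '198.51.100.20 - - [10/Oct/2023:13:56:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4312',
    '198.51.100.20 - - [10/Oct/2023:13:56:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.20 - - [10/Oct/2023:13:57:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120',
]


def find_lockout_candidates(lines, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached max_failures within window}."""
    recent = defaultdict(list)
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        # Assumption: POST + 200 means the login form was shown again (failure).
        if method != "POST" or not path.startswith("/wp-login.php") or status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Keep only failures that are still inside the sliding window.
        recent[ip] = [t for t in recent[ip] if when - t <= window] + [when]
        if len(recent[ip]) >= max_failures and ip not in flagged:
            flagged[ip] = when
    return flagged


if __name__ == "__main__":
    for ip, when in find_lockout_candidates(SAMPLE_LOG).items():
        print(f"{ip} reached the lockout threshold at {when.isoformat()}")
```

The address with one mistyped password followed by a successful login is not flagged; only the one with repeated failures is.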
5. Malware Monitoring
Get access to a solution that will constantly monitor your site for malware.
Wordfence is well suited to this. It will scan your WordPress core, plug-ins, and themes for changes against the files in the WordPress repository. If any file has changed, it will send you an email notification, provided you have entered an email address on the plug-in options page.
Sucuri is another malware monitoring solution that includes server-side scanning as well as a variety of other features. Though it costs extra, I am sure that the additional features are worth the money.
6. Fix Issues related to Malware
You should not only prevent malware from infecting your blog but also find a way to clean up any malware issues that are detected. One of the very important costs that many blog and website owners tend to overlook is the cost of downtime that is associated with security problems and the time it takes to clean up those issues.
If you are using Sucuri and have been hacked in the past, you can sign up for their service and they will remove the malware even if you were hacked before signing up.
7. Deciding on a Hosting Provider
A substantial security risk comes from having your blog on a shared server. Consider the risks of your single blog and then multiply it by the number of blogs and websites on the same server.
If you choose shared hosting you are sure to be lumped in with hundreds of other sites. Shared hosting is a big risk because if another website on the same server as yours gets hacked, there is a chance that your website can be hacked as well.
Your own VPS or dedicated server may not be the right choice for you because of the knowledge needed to manage it and also the cost. In this case, managed WordPress hosting may be a good alternative. It is more expensive but worth it considering the risks that come with generic shared hosting.
WordPress hosting gives you better security, a faster site, better support and full backups done automatically. The 3 managed WordPress hosts that are most famous are WP Engine, Pagely, and Synthesis. All of them are slightly different and have different benefits according to your needs.
8. Clean Up Your Site
In the humdrum of protecting your blog, do not forget to keep your blog tidy as well. Get rid of any old plugins and themes that you are not using anymore.
Keep websites that are in production and websites that are still being developed on separate servers. It often happens that you work on a new website but forget about it after a while. Such sites become out of date and are more susceptible to hacking. This is another reason why we suggest keeping the websites you are still working on separate from live websites in production.
9. Control Sensitive Information
When cleaning up your blog files, make sure that you are not leaving any important information available for the world to access. Check your phpinfo.php and i.php files very carefully. These are like roadmaps to your setup, and a hacker uses exactly this information to break in.
Never store backups of your site directly on your website’s server. Otherwise you will be inviting potential hackers to download the backups and hack into your website.
Disable directory browsing, as it prevents a hacker from browsing your blog site’s folders and files for information that could lead them to a way to hack into your site.
You can disable directory browsing by simply adding the line “Options -Indexes” (without the quotes, and with a plain hyphen) to your .htaccess file.
Also be careful when using the file manager within cPanel and saving temporary copies of important files such as wp-config.php. It is far better to use secure file transfer protocol (SFTP) with a program such as FileZilla.
Tip: Never store your passwords within FileZilla because they are not encrypted. If you were ever to get malware on that computer, it is very common for malware to search for passwords stored within FileZilla and use them for malicious intent.
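The checks from this section (exposed phpinfo.php or i.php files, backups and wp-config.php copies left on the server, and the directory-browsing line in .htaccess) can be automated. The script below is an added example, not part of the original article; the function names, the list of backup suffixes and the sample files are assumptions made for illustration.

```python
import os
import re
import tempfile

# Names and suffixes are assumptions for this example; extend for your site.
INFO_FILES = {"phpinfo.php", "i.php"}
BACKUP_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".sql", ".sql.gz")
# "Options ... -Indexes" with an ASCII hyphen on an uncommented line.
NO_INDEXES = re.compile(r"^\s*Options\b[^#\n]*(?<!\S)-Indexes\b", re.I | re.M)

def audit_docroot(docroot):
    """Return a sorted list of (issue, relative_path) findings."""
    findings = []
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), docroot)
            lower = name.lower()
            if lower in INFO_FILES:
                findings.append(("info-disclosure", rel))
            elif lower.startswith("wp-config.php") and lower != "wp-config.php":
                findings.append(("config-copy", rel))  # e.g. wp-config.php.bak
            elif lower.endswith(BACKUP_SUFFIXES):
                findings.append(("backup-in-webroot", rel))
    text = ""
    htaccess = os.path.join(docroot, ".htaccess")
    if os.path.isfile(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    if not NO_INDEXES.search(text):
        findings.append(("directory-browsing-not-disabled", ".htaccess"))
    return sorted(findings)

def build_sample_site(root):
    """Write a constructed sample tree so the example runs offline."""
    samples = {
        "wp-config.php": "<?php // real config",
        "wp-config.php.bak": "<?php // forgotten copy",
        "phpinfo.php": "<?php phpinfo();",
        "wp-content/uploads/site-backup.zip": "PK",
        # En dash, as often pasted from web pages: not the -Indexes option.
        ".htaccess": "Options \u2013Indexes\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(*audit_docroot(site), sep="\n")
```

Point audit_docroot at a local copy of your site's document root; an empty list means none of these items were found.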
10. Backup Your Site
Always keep a backup of your blog site. It comes in handy when your site gets hacked, or even if you made a wrong change to a file and want to restore a prior version.
BackupBuddy and VaultPress are the two best answers for backing up your site. If you are using another backup solution, that is okay. Just make sure that it isn’t overwriting the previous backup and that you have backups going at least a few weeks back. It is always a good idea to test the backup to make sure it works.
11. Be Cautious
Keep yourself updated and be cautious about everything that is going on in the WordPress security world.
Always remember that prevention is better than cure: preventing an issue in the first place is better than detecting and fixing it later on. A managed WordPress host will definitely have your back, but what is the harm in having your own back as well?
Secure your website with the steps mentioned above and stay tension-free. Hackers are everywhere! Do not underestimate them at any cost.