Do you use WordPress? If the answer is yes, then you’ve made a great decision. WordPress is easy to use, packed with features, and SEO compliant, all of which contribute to its popularity as the number one Content Management System (CMS).
But with all this popularity, there is always that air of risk. As with any popular program or tool, WordPress attracts many hackers who are constantly looking for ways to exploit your website. The last thing you ever want to happen is for your site to be hacked, and then suspended for hosting malicious files or sending out phishing emails.
The damage to your reputation would be huge, and that’s before the cost of fixing and restoring the site, which could be higher. It may also take you a considerable amount of time to recover the trust you’d almost certainly have lost with your clients. And that’s without considering any damage that may have been done to your rankings in the major search engines.
But you needn’t worry about that. If you take the time to learn how to secure your WordPress site from hackers, you can prevent the vast majority of hacking attempts from ever occurring.
Let’s start with the easiest tip that you can implement. If the admin password for your website is ‘abc123’ or something of similar complexity, then your site is at risk. You might as well put a note on your site telling hackers to come on in and take full advantage of the site.
It’s highly recommended that you use a strong password which combines lower and upper case letters, symbols and numbers. Something like jodSDY13~# or @#’eSrt14a are excellent examples of strong passwords. Keep in mind that most hackers will brute force the password, so if your password is strong, you should have nothing to worry about.
You want to make a habit of backing up your database and blog; you don’t want to depend solely on your hosting company for backups, as it is possible for hackers to infect those backups too. There are many tools out there that you can use to back up your blog, so be sure to download and use one.
If you implement a lockdown feature for failed login attempts, it will work as an effective countermeasure against continuous brute force attempts. Whenever a hacker attempts to brute force your password with repeated wrong passwords, the site is immediately locked, and the admin is notified of the hacking attempt via email.
There are many of these security plugins; I think iThemes is a pretty decent one, so you may want to check it out. The plugin comes with a number of features, allowing you to specify how many failed login attempts are allowed, after which the attacker’s IP is banned.
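How such a lockdown can work, as an added example that is not part of the original article and is not iThemes code: a must-use plugin that counts failed logins per IP with WordPress transients, locks the IP out and e-mails the admin. The file location, the `ll_` names and the thresholds are assumptions.

```php
<?php
// Added example, not iThemes code. Assumed location:
// wp-content/mu-plugins/login-lockdown.php. Thresholds are assumptions.
const LL_MAX_FAILURES = 5;    // failed logins tolerated before the lockout
const LL_WINDOW       = 900;  // counter expires this long after the last failure
const LL_LOCKOUT      = 3600; // seconds an IP stays locked out

function ll_client_ip() {
    // REMOTE_ADDR is the connecting peer. Behind a reverse proxy it is the
    // proxy's address, so the real client IP has to be resolved there.
    return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
}

function ll_key( $prefix ) {
    // md5 only turns the IP into a fixed-length transient name.
    return $prefix . md5( ll_client_ip() );
}

// Count every failed login; at the threshold, lock the IP and notify the admin.
add_action( 'wp_login_failed', function ( $username ) {
    if ( get_transient( ll_key( 'll_lock_' ) ) ) {
        return; // already locked: no recount, no second e-mail
    }
    $failures = (int) get_transient( ll_key( 'll_fail_' ) ) + 1;
    set_transient( ll_key( 'll_fail_' ), $failures, LL_WINDOW );
    if ( $failures < LL_MAX_FAILURES ) {
        return;
    }
    set_transient( ll_key( 'll_lock_' ), 1, LL_LOCKOUT );
    delete_transient( ll_key( 'll_fail_' ) );
    wp_mail(
        get_option( 'admin_email' ),
        'Login lockout on ' . get_bloginfo( 'name' ),
        sprintf(
            'IP %s was locked out after %d failed logins. Last username tried: %s',
            ll_client_ip(), $failures, sanitize_user( $username )
        )
    );
} );

// Runs after core's password check (priority 20) and overrides its result,
// so even a correct password is refused while the lock is in place.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( get_transient( ll_key( 'll_lock_' ) ) ) {
        return new WP_Error( 'll_locked', 'Too many failed login attempts. Try again later.' );
    }
    return $user;
}, 30, 3 );
```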
A very good security measure is the implementation of 2-factor authentication (2FA). In this particular scenario, the end user is forced to provide login details from two different platforms. These platforms are decided by the website owner. It could be a standard password combined with a secret code, a secret question or a set of characters.
You may decide to go with a secret code when using 2-factor authentication on your site. The Google Authenticator plugin is something you may want to use for this task.
The vast majority of webmasters tend to leave the admin login page at its default, which is usually either wp-login.php or wp-admin.
However, it is possible for you to make your website more secure by changing this URL from its default to something like site_login.php.
With just this simple step, you’ll be able to halt more automated brute force attacks, which are designed to attack the default admin URL. You may want to use the iThemes security plugin for this particular task.
WP-admin is without a doubt the most important directory of your WordPress site. For this reason, you may want to password protect it to add an additional layer of security, so that there are two passwords: one for the admin area and the other for logging in. You can use the AskApache Password Protection plugin to carry out this objective.
Of course, there are certain areas of the WP-admin directory that will need to be used by the admin on a relatively frequent basis. For this reason, you may want to block only certain folders within the directory and not the directory in its entirety.
Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website https://www.compuchenna.co.uk.