With cyber crime on the rise and the bad guys getting more and more sophisticated in their attacks and exploits, securing your website against them has never been more critical. In this blog post, we are going to offer you 7 major tips for WordPress security.
Limit Login Attempts
One of the most common attacks is the brute force attack, where a hacker attempts multiple times to guess your password by trying combinations of letters and numbers.
The best way to combat this attack is to limit the number of incorrect login attempts that can be made before the login page is locked down for a specified period of time.
Our recommended plugin for doing this would be the WP Limit Login Attempts plugin.
In addition to being able to set the number of login attempts and the lockdown time, you can also enable the use of captcha to prevent robots or spammers from logging in.
Disable the Default WP Login URL
One of the easiest ways to determine whether a site was built on WordPress is to add ‘/wp-admin’ at the end of the website’s URL and see if the default WordPress login page shows up.
One of the best ways to prevent this from happening is by using the WP Hide Login plugin, which allows you to disable the default WordPress login URL and set your very own custom URL for logging in.
Update all Themes and Plugins
This is a very obvious practice to perform diligently, but you will be surprised at just how often it is neglected by many WordPress users.
Outdated plugins are the WordPress hacker’s dream as they contain vulnerabilities that can be exploited.
Ensure that all your themes and plugins are updated, and don’t forget to update WordPress as well whenever a new version comes out.
Do not use plugins whose last updated date is over a year ago. Find alternatives that are better maintained.
Use a Fake Admin Account
That’s right, we recommend that you keep the admin username on your website active but downgrade its role to that of a subscriber.
Well, here is the thing: hackers typically try to gain access to a website using the admin account first because of the obvious power that comes with it. However, before trying to gain control of the admin account, they will first try to confirm that the username exists. If the admin account does exist, the wannabe hacker is going to spend all his time trying to figure out the password, and if by some chance he is successful, he is going to be mightily disappointed when he logs in only to find out that his capabilities are limited to those of a subscriber.
Use Strong Passwords
This is one of the more obvious tips for WordPress security, yet there are still people who use passwords like ‘swordfish’, ‘1234abcd’, ‘qwerty’ and my favorite password of all time, ‘password’. If you belong to this group, then you are begging to have your website hacked.
So how exactly can I create a strong password? A strong password is made up of at least 8 characters and is a combination of letters (upper & lower), numbers and special symbols like # or @.
Employ the 2 Factor Authentication method
We highly recommend using the Clef plugin to provide an additional layer of security for your WordPress website. With this plugin you can disable the conventional method of logging in using a username and password and instead use your smartphone to gain access.
You can watch our YouTube tutorial on how to use the Clef plugin.
Run Security Audits
We recommend using the WP Security Audit plugin, which allows you to monitor everything that happens on your WordPress website.
The plugin tracks all events like a user logging in, the activation/deactivation of a plugin, new database tables created, etc.
With this plugin activated on your site, you can rest assured that you have got your website protected.
So there you have it, our top 7 tips for WordPress security. If you prefer a video tutorial instead, you can watch it below.