With more and more blogs being created these days, there’s also an increasing number of hackers who want to exploit them. But this doesn’t have to happen to your blog! Here are ten easy steps you can take to help secure your WordPress blog.
1. Keep up-to-date with the latest version of WordPress
Staying current is essential, as releases are often made to address specific bugs or security holes. If you are several versions out-of-date, your blog may be wide open to needless attacks.
2. Create your own username
Since all hackers know that the default WordPress user is “admin”, why make their job easier? If you create your own user and delete this default one, the hackers will have to guess both your username AND your password. Here are the steps:
- Log in to WordPress, navigate to “Users” and select “Add New”.
- Choose a username that is unique and not readily obvious. Do not use your name, your e-mail address, or the name of your blog. If you are having trouble selecting a username, try a combination of your middle and last names, or a nickname you had growing up.
- Important: Give your new user the “Administrator” role.
- Log out from the “admin” user and log in with the new user account you just created.
- Navigate to “Users” and delete the default “admin” user. Be sure to select the option for transferring old posts to the new user so you do not loose any content.
3. Select a nickname
Creating a custom username will do you no good if that name is displayed on every post you write. Thankfully, WordPress includes a feature for setting a nickname—a name that will display publicly instead of your username. To set your nickname, navigate to the “Users” menu and select “Your Profile”. Enter your desired nickname in the “Display name publicly as” field.
4. Use a strong password
When it comes to passwords, a good rule of thumb is this: The longer and stronger, the better. After all, short, simple passwords are easy to guess; long, unusual ones are not. Security experts recommend selecting a passphrase—a combination of several words—that includes letters, numbers, and punctuation. Here are some examples:
NOTE: For obvious reasons, do not use any of these examples as your own password!
5. Use the WP Security Scan plugin
While not offering a be-all, end-all solution, this plugin does provide a measure of protection against basic attacks. You can find it here.
6. Use the Bad Behavior plugin
This is a nifty little plugin that checks the IP address of visitors to your blog. It compares their IP with a list of known spammers. If there’s a match, Bad Behavior can block that IP address from visiting your blog.
7. Use the Login LockDown plugin
What if a new hacker has not made it onto the list of known bad IP addresses yet? Here’s where Login LockDown comes in handy. Rather than comparing IP addresses to a list of known hackers, this plugin records the date, time, and IP address of each failed login attempt. After a certain number of failed login attempts from the same IP address range within a short time, that IP address ranch is blocked from logging in.
8. Prevent guest registrations
Unless you have a membership blog, do not allow people to register for a guest account. You can make sure this is switched off by navigating to the “Settings” menu and looking at the “Anyone can register” option. It should not be checked.
9. Backup your database
Although no one wants their site to be hacked, it’s good to be prepared should the unthinkable happen. The last thing you want is to find out that your blog has been hacked and you have no backup to recover from. The WordPress Database Backup plugin is simple and easy-to-use. Just activate it and schedule automatic backups. These can be sent as an attachment in an e-mail to your inbox. You can find this plugin here: http://www.ilfilosofo.com/blog/wp-db-backup/
10. Keep your plugins up-to-date
If you use the above-mentioned plugins or others, be sure they are kept current. Keeping your plugins up-to-date is just as important as keeping WordPress current, and for the same reasons. If any of your plugins are out-of-date, you will be notified on the plugins admin page.
This is a Guest Post was written by Tom Walker, a blogger and designer who works with an online store offering printer ink for homes and businesses in the UK. You can read more of his posts on the CreativeCloud, where he posts about advertising, art and design.