After a spate of brute force hacking attacks on the WordPress platform in 2013, many webmasters have started taking additional steps to protect their websites. Security should be your number one concern, particularly if you use your WordPress site for storing any personal or financial information or as an e-commerce website. While WordPress is one of the most popular content management systems in the world as well as one of the most versatile, these factors also make it a prime target for hackers using automated tools to get passed your login page and gain access to your administrator account. This guide takes a look at some of the most important and effective practices and plug-ins to help safeguard your website.
1 – Limit Login Attempts Plug-in
Limit Login Attempts is a plug-in for WordPress which allows you to set a limit on the number of times someone can attempt to log in to your administrator dashboard, either through the wp-admin page or by using authentication cookies. By default, WordPress does not have any limit on the number of login attempts, and this can leave your blog open to brute force hacking attacks. Download and install the plug-in from the administrator dashboard, and you will find a new menu appear in the Settings page called ‘Limit Login Attempts’ as shown in the screenshot below.
2 – Change Your Login Information
Using the default username for your WordPress administrator account is bad practice, as is using any other generic username such as ‘administrator’. The best idea is to use your first name or the name of your business. To change your username, log in to your administrator dashboard and navigate to Users > Your Profile and change the settings.
You can also change your administrator password in the same page, and you should do so on a regular basis. When creating a new password, make sure that it is a long one using both letters and numbers and preferably some special characters as well. Such passwords are practically impossible to hack using brute force methods. If you have multiple user account for your WordPress website, ensure that they also change their passwords regularly.
3 – Keep Everything Up-to-date
It should go without saying, that for the sake of security, performance and a whole range of other factors, you should keep your WordPress platform as well as all themes and plug-ins which you use up-to-date. Whenever a new version of WordPress is available, a notice will appear at the top of your administrator dashboard page, and you should install any updates as soon as they become available. Updates for the WordPress platform, as well as any themes and plug-ins which you have installed (including inactive ones) will appear on the Updates page. The number of available updates, if any, will appear in the top-left corner of your dashboard
4 – Back Up Your Site Regularly
Things can always go wrong, so keeping a backup of your WordPress site and database is absolutely vital. While most hosting companies provide this feature for you, they sometimes charge a fee for if you want to retrieve your backup. For the best security, install the WP Backup plug-in or another similar plug-in. WP Backup will back up your entire website, including your database. It also integrates with Dropbox, provides automated scheduled backups and offers a one-click restore function.
5 – Other Useful Security Plug-ins to Try
With security being the major concern that it is, it should come as no surprise that there are many security plug-ins to choose from. Following are some of the most popular options:
• iThemes Security: Formerly known as Better WP Security, this plug-in provides an extensive range of extra features and settings to help you secure your blog and detect any suspicious activity.
• BulletProof Security: This plugin protects your blog against many different types of hacking attempts by securing the .htaccess file in your website’s root directory.
• Securi Security: This plug-in checks your WordPress site for any suspicious software and other potential security threats such as comment spam and .htaccess redirects.