Is your WordPress website secure? Any website can get hacked, but sites on the popular content management system WordPress are often targeted. Its popularity, its visibility and the one-step installations that create uniform file names make it a target for hackers. What can a WordPress user do?
First, keep your WordPress installation up to date. It used to be quite cumbersome to upgrade WordPress, but now the one-step update makes it easy. Back up your files regularly and use that one-step update as soon as you see it on your dashboard. That goes for your plugins as well!
Second, use strong passwords. Unique passwords that are randomly generated are always the best. Never use the same password at different sites. If you have a hard time remembering randomly generated passwords, use a string that makes sense to you but wouldn’t make sense to anyone else.
Third, avoid the user name “Admin”. The user name “Admin” was formerly the default user name for many one-click installations. As a result, it’s common. Random hackers using software to try to hack into websites may start with this user name and then just keep trying random passwords to break in. If you have a different user name, that approach never breaks in, because the guesses are aimed at an account that does not exist. If you have the user name Admin, it might.
Fourth, don’t use one-click installs. Fantastico, which has been around forever, always names its databases starting with the prefix “wp1”, with later installs starting with “wp2” and so on. Hackers know this. It means they only have to guess one password to get into your database. Manual installs allow you to come up with unique database names, unique user names and unique passwords.
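A small audit of steps two to four, as an added example that is not part of the original post: it reads the database settings from a `wp-config.php` and a list of user login names, then flags installer-style names, a weak database password and the “admin” user. The optional account prefix in the name pattern, the 12-character threshold and all sample values are assumptions constructed for illustration.

```python
import re

# define('NAME', 'value') as written in wp-config.php; either quote style.
DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)""")
# Installer naming described above: "wp" + counter; the account prefix is an assumption.
DEFAULT_NAME_RE = re.compile(r"^(?:\w+_)?wp\d+$", re.IGNORECASE)
MIN_DB_PASSWORD_LEN = 12  # assumed threshold, not a figure from the article

def parse_wp_config(text):
    """Collect constants from define() calls, ignoring commented-out lines."""
    consts = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue
        for _, name, _, value in DEFINE_RE.findall(line):
            consts[name] = value
    return consts

def audit(config_text, user_logins):
    """Return (item, reason) findings for the article's steps two to four."""
    consts = parse_wp_config(config_text)
    findings = []
    for key in ("DB_NAME", "DB_USER"):
        if DEFAULT_NAME_RE.match(consts.get(key, "")):
            findings.append((key, "predictable installer-style name"))
    password = consts.get("DB_PASSWORD", "")
    names = {consts.get("DB_NAME", "").lower(), consts.get("DB_USER", "").lower()}
    if len(password) < MIN_DB_PASSWORD_LEN or password.lower() in names:
        findings.append(("DB_PASSWORD", "short or same as the database/user name"))
    for login in user_logins:
        if login.lower() == "admin":
            findings.append((login, "default administrator user name"))
    return findings

# Constructed sample input: a one-click-style config and a hardened one.
WEAK_CONFIG = """<?php
// define('DB_NAME', 'old_wp9');
define('DB_NAME', 'acct_wp1');
define( 'DB_USER', 'acct_wp1' );
define("DB_PASSWORD", "acct_wp1");
"""
HARDENED_CONFIG = """<?php
define('DB_NAME', 'site_k3v9_content');
define('DB_USER', 'u_7fq2m');
define('DB_PASSWORD', 'T4#vLq9!zR2m@Xw8');
"""

if __name__ == "__main__":
    print(audit(WEAK_CONFIG, ["Admin", "editor_maria"]))
```

The commented-out `define` line in the weak sample is skipped, so only the active settings are judged.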
If you are hosting with a good host that keeps their servers secure, you shouldn’t have to worry about hacking. Knowing that your host has a good understanding of Content Management Systems like WordPress is also important. Knowing they keep up on the latest WordPress security news means they’re aware of new holes they might have in their servers. Tight server security is also important.
WordPress does get hacked, but not because it’s inherently insecure. It gets hacked because so many people use it. Very large and very visible sites may consider further and more technical security precautions; however, these four basic security steps should keep your WordPress installation safe from most random hackers. No site will be 100% safe, but basic security will deter the casual, random hacker in almost all cases.
We’ll be posting more soon on keeping your WordPress site safe using plugins. Do you have any tips you’d like to share? Leave us a comment below!

Good solid advice. However, I would like to add a little about passwords and security.
I used to work with the information security industry, and have learned that it is best to make sure that all your passwords are at least 8 characters long. Passwords should also contain at least some special symbol, like a question mark or something like that. Hackers tend to use automated brute force scripts that try millions of combinations a second. They can break a password like “John1966” too, even though it has 8 characters and even a mix of capitals and numbers. How? Well, they know that people tend to choose these kinds of passwords, so they have these password probability matrices that define common password types like “Name + Date of Birth”.
Anyways, you should also make sure to use a different password for every account you have, so that if one of your WordPress sites or even your email accounts gets hacked, the hackers would not automatically get access to all your stuff but just to that one site.
Alright, I see I got a bit carried away.
I tend to get really talkative once I start speaking about something I used to work with in the past…
Good luck to you guys, and don’t get hacked!
Yes, I am also avoiding using “admin” as it is the most common user name being used, and it’s really not advisable to have it, and we must also avoid having a multi-user account as it is too risky. I enjoyed reading your article and I’ve learned so much from you.