WordPress is one of the most popular platforms for self-hosted blogs and websites. In general, WordPress is an excellent platform that offers many advantages, and it is relatively safe and stable most of the time. However, as popular open source software, WordPress is certainly more susceptible to malicious attacks.
After putting all of that time, and perhaps money, into your website or blog, you need to employ any and all appropriate countermeasures as quickly as possible. The best preemptive solution is to increase the security of your WordPress installation.
This article highlights several basic tips that you can use to secure and lock down your WordPress site and to fortify it from attacks.
1. Stay Up to Date
Never forget to update WordPress itself, your plugins/widgets, and your theme to the latest version. It’s the first thing you should do! This is something I see most people aren’t doing. It will only take a minute, and if you’re not updating then you’re taking unnecessary risks. Subscribing to the plugin/widget/theme authors’ RSS feeds makes keeping up with them much easier.
2. Make Backups
Take regular backups of your site and database. This puts you on the safe side because if your site is compromised, you will be able to restore it. I recommend at least taking weekly backups. Making backups isn’t hard and doesn’t take much time, and you can use a plugin to do it.
The WordPress Database Backup plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database. Once the database is backed up, you have the option of emailing the backup to yourself, saving it to your hard drive, or saving it on the server.
3. Use Strong and Solid Passwords
It’s one of the easiest defenses against being hacked. Do not use something that is easy to predict. Create something complex and not easily broken, a mixture of upper and lower case letters with a few numbers or symbols. If you want to find out more about creating strong passwords then read Lorelle VanFossen’s article on The Blog Herald, Protect Your Blog With a Solid Password.
4. Do not Use the ‘admin’ Account
Everyone who has ever used WordPress knows that ‘admin’ is the default account after you first install WordPress. This makes it easy to employ brute force cracking techniques since the username is already known. So go create a new account with administrator privileges and change the privileges of the ‘admin’ username to a subscriber, or just delete the ‘admin’ account entirely.
5. Protect Your WordPress wp-admin Folder
Protect the wp-admin directory by IP address or password, which will add another level of access control in front of the wp-admin folder. This was pointed out by Matt Cutts and it has saved him from attacks.
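One way to set this up, as an added example that is not from the original article: a `.htaccess` file placed inside the wp-admin folder. It assumes the site runs on Apache 2.4 with `.htaccess` overrides enabled; the IP address and the password-file path are placeholders.

```apache
# wp-admin/.htaccess  (added example; assumes Apache 2.4 with
# "AllowOverride AuthConfig" or broader enabled for this directory)

# Second password prompt in front of the WordPress admin area.
AuthType Basic
AuthName "Restricted: wp-admin"
# Placeholder path: keep the password file outside the web root.
# Create it with: htpasswd -c /path/outside/webroot/.htpasswd-wpadmin <user>
AuthUserFile /path/outside/webroot/.htpasswd-wpadmin

# Allow a request if it comes from a trusted address OR supplies
# valid Basic credentials. 203.0.113.10 is a documentation-range
# placeholder; replace it with your own static address.
<RequireAny>
    Require ip 203.0.113.10
    Require valid-user
</RequireAny>

# Themes and plugins call admin-ajax.php from public pages, so leave
# that one file reachable without the extra prompt.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Basic credentials are only base64-encoded in transit, so serve the site over HTTPS. Note that wp-login.php sits in the site root and is not covered by this file.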