Hi ,
I
am sure you would have noticed that my past messages to you have been
related to security. This is due to the recent increase in activities of
hackers and I thought it best to enlighten you to be sure that you are
safe. Today, I would be focusing on WordPress.
WordPress
is a fantastic easy to use tool that was once used for blogging but now
powers most sites on the Internet. With the large number of plugins
available out there, free and premium, you can do almost anything you
want with WordPress. Because of its popularity, it has also been the
focus of many hack attempts. Last year, there were brute force attempts
on WordPress sites worldwide that even led to servers becoming
unresponsive. We wrote a post about this and advised on steps to mitigate this.
How to secure your WordPress site
WordPress sites are still being attacked daily. To avoid being a victim, here are some important steps you need to take.
▪ Use very strong passwords.
I cannot state this too many times. Don't use simple passwords. Hackers
would always use various combinations to guess your password and if
your password is in any dictionary, you have just made their job a whole
lot easier. Your password should be at least 8 characters long with a
mix of upper and lowercase letters, numbers and special characters
▪ Don't use admin username. Is the username of your administrator admin? Most WordPress users maintain the default username. This is a security risk as most hackers simply use this default username and try guessing the password. If you are still using "admin", create a new user with admin privileges (you will need to use a different email address than the one attached to the current admin) and give it a strong password as defined above. Then log back in as the new user and delete the old admin account and assign all of the posts in that account to the new user. This shouldn't take up to 5 minutes.
▪ Update WordPress. WordPress always releases security updates to plug security holes that may exist so always ensure you update your WordPress installation and your plugins too.
▪ Install a security plugin. There are several plugins that can help increase the security profile of your WordPress site, such as Better WP Security or WordFence.
▪ Consider CloudFlare or SiteLock. You may signup for a free CloudFlare account and then route all traffic to your site through CloudFlare services. CloudFlare can help block suspicious traffic to your site. If your site is hosted with us, you may activate CloudFlare easily from your cPanel. SiteLock also offers a similar service which blocks out suspicious traffic. SiteLock however offers the additional advantage of scanning your site and removing malware if you do get infected. You may click here to read more about SiteLock.
▪ Don't use admin username. Is the username of your administrator admin? Most WordPress users maintain the default username. This is a security risk as most hackers simply use this default username and try guessing the password. If you are still using "admin", create a new user with admin privileges (you will need to use a different email address than the one attached to the current admin) and give it a strong password as defined above. Then log back in as the new user and delete the old admin account and assign all of the posts in that account to the new user. This shouldn't take up to 5 minutes.
▪ Update WordPress. WordPress always releases security updates to plug security holes that may exist so always ensure you update your WordPress installation and your plugins too.
▪ Install a security plugin. There are several plugins that can help increase the security profile of your WordPress site, such as Better WP Security or WordFence.
▪ Consider CloudFlare or SiteLock. You may signup for a free CloudFlare account and then route all traffic to your site through CloudFlare services. CloudFlare can help block suspicious traffic to your site. If your site is hosted with us, you may activate CloudFlare easily from your cPanel. SiteLock also offers a similar service which blocks out suspicious traffic. SiteLock however offers the additional advantage of scanning your site and removing malware if you do get infected. You may click here to read more about SiteLock.
These simple steps can make a whole lot of difference. You may also check out Wordpress Under Attack: How To Avoid The Coming Botnet and More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack for more information. You may also visit Hardening WordPress to learn other steps on securing your site.
No comments:
Post a Comment