This is a guest post by Sarah Rexman.
WordPress sites are vulnerable to viruses and attacks from hackers. If you have a very popular WordPress site, your competitors may try to attack your site to put you out of business. Others may attack your site to try to steal your information to take money from you.
It is very important to secure your WordPress site to withstand attacks and to protect the investment you have put into building a successful blog. You don’t have to be a developer or a hacker yourself to understand how to protect your site. Here are a few easy steps you can take to secure your WordPress site:
Choose a Good User Name and Password
How many of you are still using “admin” for your WordPress login user name? If you are, hackers already have half the information they need to access your site. Using “admin” as your login user name is akin to using “1234” as your password. You’re making it too easy for someone to get into your site.
You should choose a different name for your login – something hard to guess (not your name!) – and create a password that’s hard to choose. Some good tips for selecting a password include:
- Choose a phrase instead of a single word.
- Combine letters with numbers and symbols
- Do not use personal information such as birthdays, addresses, or names.
- Do not use common phrases or combinations such as “hello” or “password”.
- Be sure to change your password often to keep it secure.
Keep Software Up-to-Date
Out-of-date plugins, themes and even the WordPress software itself can create security risks for your site. Be sure to check for updates regularly. WordPress offers options for you to check for and download updates automatically.
If there are any plugins or themes on your site that you are no longer using, you should delete them. They present a security risk and make your site vulnerable to hackers.
Choose Trusted Sources
Before you ever download any plugins or themes, you should research the developer to make sure you are downloading from a trusted source. You never know whether your plugin or theme may be coded with a Trojan horse, worm, or other virus.
If you don’t have experience with a provider, research the company’s reputation on forums and sites that offer profiles and reviews of companies. Look for any reports about problems with the software and follow up where possible. If a developer is distributing themes or plugins with harmful content, news will spread around the web quickly.
Don’t Allow Users to Register
If you allow for guest posting or community contributions on your site, it may be tempting to allow members to register themselves to post content on your site. However, doing so may put your site at risk for attacks.
Be sure to manually register all users authorized to post content on your site, and make sure you have selected the appropriate controls.
Back Up Data
Regularly backing up your data is a good security practice for your computer, as well as any online activity. For a WordPress site, backing up your data is as simple as opening up your FTP client and copying all the folders to a location on your computer or an external hard drive.
There are also plugins that make backing up your data easy, and information can be stored by cloud providers. Check WordPress for a complete list of recommended backup plugins.
You don’t have to be a computer expert to keep your WordPress site secure from hackers. Taking these simple steps can help keep out most unwanted visitors. If you feel that you are particularly vulnerable – because you have a very high-profile or lucrative site – you can hire a professional to create custom security measures for you.