Four Ways to Secure Your WordPress Site From Hackers


Securing Your WordPress Site

If you’ve ever been hacked, you know how serious it is to have your information compromised, and we’re willing to bet that you’ve already taken the proper precautions to avoid any future attacks.

For those of you who are still leaving your website security to chance, we urge you to take some simple steps to protect yourself and avoid becoming the next victim of a security breach. Not only are these violations obtrusive and time-consuming to remedy, they can also lead to branding issues, malware infections, and Google blacklisting, and have a substantial negative impact on your precious SEO rankings.

Media Components advises that you take these four steps to protect your WordPress site from hackers:

#1. Stop using “Admin” as your username.

This one seems almost too easy, right? Wrong.

Changing something as simple as your username can make an enormous difference in the success or failure of an online attack. Most attempts at hacking into your account are brute-force attacks. These attacks use the username “Admin” while trying to unlock your password over and over again. Don’t make it easy for hackers! Change your username to something, anything, else.

To change your username, simply create a new user in WordPress and give that user Administrative rights. Next, delete the “Admin” user. If you’re worried about losing the content this user has created, don’t be. Once you attempt to delete the “Admin” user, WordPress will prompt you to either delete or assign the content to a new user.

#2. Only use CURL passwords.

We always tell our clients to implement the CURL rule for ultimate password protection:

Complex: Passwords must include a combination of letters, numbers, and symbols.
Unique: Use a different password for each unique site.
Random: Password generators like make this incredibly easy.
Lengthy: Passwords should contain at least 12 characters.

Again, this is a simple, yet highly effective, way to reduce the risk of security breaches. Not only should common sense tell you that ‘12345’, ‘password’, or ‘qwerty’ are quite simple for a hacker to guess, but thanks to the Information Superhighway, it’s a piece of cake. Hackers can even search lists of articles that spell out the most commonly used passwords.
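The CURL rule can be expressed as a checker and a generator. This is an added example, not code from Media Components or any password manager; the symbol set, the default length of 16, and the use of a small deny-list as a stand-in for the "Random" test are assumptions of the example.

```python
import secrets
import string

MIN_LENGTH = 12  # "Lengthy" threshold stated in the article
# Weak passwords the article itself names; a real deny-list would be far longer.
KNOWN_WEAK = {"12345", "password", "qwerty", "baseball"}
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set


def check_curl(password, used_elsewhere=()):
    """Return the CURL criteria that `password` fails (empty list = pass)."""
    failures = []
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    if not (has_letter and has_digit and has_symbol):
        failures.append("Complex")
    # Unique: the caller supplies the passwords already used on other sites.
    if password in used_elsewhere:
        failures.append("Unique")
    # Randomness cannot be proven from one sample; rejecting known-weak
    # choices is only a proxy (assumption of this example).
    if password.lower() in KNOWN_WEAK:
        failures.append("Random")
    if len(password) < MIN_LENGTH:
        failures.append("Lengthy")
    return failures


def generate_curl_password(length=16, used_elsewhere=()):
    """Draw characters from the OS CSPRNG until all four criteria hold."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        # Rejection sampling keeps the result uniform over compliant strings.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_curl(candidate, used_elsewhere):
            return candidate


if __name__ == "__main__":
    print(check_curl("12345"))
    print(generate_curl_password())
```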

Check out “The 25 Most Popular Passwords” for yourself. This article ranks the most commonly used passwords and tracks their popularity from year to year. If you see your password on this list, you’re practically inviting someone to hack your account. Change your password immediately.

Right... but how will you ever remember complex, unique, random, lengthy passwords for every single site you sign into? Two words: Password Management.

Sites like LastPass are so valuable because they generate CURL passwords and store them in their encrypted database, so you only have to remember one master password for access.

(Please. Don’t make your master password “12345” or “baseball”.)

#3. Bring in the professionals.

As we discussed earlier, brute-force attacks target your login form, attempting to unlock your username and password by trying different combinations over and over and over again until they gain entry. You can have your webmaster add a plugin, like the All in One WP Security & Firewall plugin, to change the default URL (/wp-admin/), making it more difficult for hackers to even access your login form. You can also set up your website to limit the number of login attempts made from a specific IP address to deter attacks that try combination after combination.
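The per-IP login limit described above can be illustrated as a sliding-window counter run over web server access logs. This is an added example, not the plugin's code; the threshold of 5 attempts per 10 minutes, the combined log format, and the sample lines (constructed, using documentation IP ranges) are assumptions, and /wp-login.php is the stock WordPress login endpoint.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 5                # assumed policy, not a value from the article
WINDOW = timedelta(minutes=10)  # assumed policy
LOGIN_PATH = "/wp-login.php"    # stock WordPress login endpoint
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

# Constructed access-log lines, not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 4211'
    for s in range(0, 35, 5)  # seven rapid attempts from one address
] + [
    '198.51.100.20 - - [12/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.20 - - [12/Mar/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4211',
]


def throttled_ips(lines, max_attempts=MAX_ATTEMPTS, window=WINDOW):
    """Return {ip: count of login POSTs made after the limit was reached}."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    refused = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, method, path = m.groups()
        if method != "POST" or path.split("?")[0] != LOGIN_PATH:
            continue  # only form submissions count as login attempts
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        while attempts and when - attempts[0] > window:
            attempts.popleft()  # forget attempts older than the window
        if len(attempts) >= max_attempts:
            refused[ip] += 1  # a limiter would reject this request
        attempts.append(when)  # refused tries still extend the lockout
    return dict(refused)


if __name__ == "__main__":
    print(throttled_ips(SAMPLE_LOG))
```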

Shared hosting implies some potential risks, as your site is hosted alongside other websites on the same server. If those sites have security issues, they might affect yours. Select a website host that will preemptively secure your website from attacks and will support you in the event of a worst-case scenario. For complete website security, we use and recommend Sucuri Security. Sucuri protects your site utilizing website firewalls, antivirus protection, DDoS mitigation, and malware prevention while safeguarding you from common vulnerabilities such as outdated CMS, plugins, and themes.

#4. Back it up.

While we wish website security methods could be 100% effective, we are in the business of risk reduction, not risk elimination. Protecting your WordPress account is important, but backing your WordPress site up often will ensure your information remains intact even after a security breach.

Should attempts at reducing your risk fail, plenty of plugins exist to make backing up your account simple and easy. We recommend CodeGuard, the world’s #1 website backup service, but there are plenty of options to protect your site. For a monthly fee, you can rest assured that if you are the victim of hacking, your information will be restored in less than five minutes. While some backup solutions like CodeGuard employ a daily automatic backup, we recommend at least backing up once each week. While there are free alternatives, the price you pay for the peace of mind is worth its weight in gold.