How seriously are you taking WordPress security?

wordpress login security

A couple of quick WordPress questions . . .

  1. Do you have a WordPress blog or website?
  2. If you just answered YES, then I’d ask you: How seriously do you take website security?

Are you thinking what some of our clients used to think?
“No one would want to hack into my little blog”
“Doesn’t WordPress take care of it for me?”

Well, listen up and smell the coffee before you start crying over spilt milk. The above image is a small snapshot of unwanted login attempts on a WordPress site hosted on one of our web-servers, and this is happening week in, week out. These login attempts are automated: systems trawl the internet looking for WordPress pages and will almost certainly find yours someday.

Stuff happens!

A recent phone call from a prospective client, let’s call him John to protect his identity, went along these lines:
John: “Our site got hacked and we’ve lost everything, we need some help.”
Me: “You’d like me to try and restore your back-up?”
John: “Err, well, err . . . we don’t have a back up”
Me: “Oh dear”
John: “We thought our hosting company did that automatically”

When it comes to WordPress security, ignorance and complacency will leave you exposed just like John was.

5 things you can do to improve security

  1. Don’t use the default Admin user account
    An easy start for a hacker is to try using the Admin login account. Set up another user (or users) with administrative rights and, once you are satisfied you can log in with this new account, you may then remove the Admin user account.
  2. Use strong passwords
    Yawn, yes I know, passwords for this, passwords for that, you just want to keep it simple. It’s your choice; however, weak passwords are vulnerable to brute-force, dictionary-based attacks.
  3. Keep WordPress up-to-date
    Ensure that you are running the latest version of WordPress – it’s quick and easy to do, just ensure you’ve backed up before installing the update.
  4. Keep PlugIns up-to-date
    If you’ve installed any PlugIns make sure these are kept up-to-date too.
  5. Use a Security PlugIn
    There are many security plugins that can help strengthen your site’s security. Take a look at the Security PlugIns to see what’s on offer.

Yes, I know this seems like a lot of work to strengthen defences; however, ask yourself what being hacked would cost you. If (this shouldn’t be an ‘if’) you have a good back-up policy then restoring your site shouldn’t be too difficult. I’m feeling the need to publish a blog post on backing up WordPress.
