No matter how safe you think you are, it’s only a matter of time before someone hacks your WordPress site or gains access to your Admin records. Unfortunately, it’s not a matter of ‘if’ but ‘when”. The reason for this is that not only are millions of hackers and bots always trying to get access to places they should be, but also that other companies are getting their information and personal data hacked and leaked as well… which leads to your passwords from other sites getting leaked, sold and passed around.
This has now become a way of life for pretty much anyone doing business on the internet today. Whether you have an ecommerce site, a service based business or even as just a customer who is purchasing something online… our private information and passwords can easily be scooped up, hacked or guessed if we all don’t have the necessary precautions in place.
This is especially true for WordPress site owners and bloggers, as the WP platform is now powering millions of sites–which means hackers and bots know what works best when it comes to finding leaks and vulnerabilities in the platform.
With all of this in mind, we want to keep you safe and have some useful tips, tricks and resources to keep the bad guys out and the bots away. To further protect your most important site data and WordPress access, be sure to have the following implemented.
Have an Automatic Backup of Your Site
Few things are worse than having your site hacked or lost. The only thing worse would be to have everything hacked, lost and never having access to all of the value site data and content you’ve written and published over the years.
It’s a horrible scenerio, but definitely does happen. Even worse, is that there are very simple steps that could have been put in place to make daily backups of your site in case something bad was to happen. Heck, even a common WordPress update can cause an error and wipe out your files.
For times like this, a WordPress automatic backup solution like Snapshot Pro is a dream come through.
Created by WPMU Dev, Snapshot Pro is loaded with features to keep your site updated, backed up and safe at all times. Such features include scheduled backups, hosted and stored backups on The Hub, mega storage at super low prices, direct to cloud backup files and the ability to control when, where and how your backup data is being stored. Even better, if you have a network of sites or running multi-site, the plugin covers that as well.
Snapshot Pro is just one of the many premium plugins offered by WPMU Dev. If you would like to keep your site safe and secure no matter what, it’s definitely worth the time to check out.
Change Your Admin Username and Password
If you want to make it extremely easy for a hacker or bot to get in your WordPress site, all you need to do is keep your admin username as “ADMIN” and also use a generate password that is commonly known. A perfect example of this would be “password” or “abc123”. This is common knowledge, but you would be surprised with how many people are still using these silly passwords when setting up their accounts.
As for leaving the Admin username as “admin”, this is just giving hackers and bots one less thing they need to figure out. Since nearly all WordPress administrators are set up with the default name of ‘admin’, this is something all WP users should change immediately.
If coming up with and remembering unique usernames and passwords is a problem, there are plenty of password reminder tools out that that can store your password and even change it up every once in a while. And with this in mind, be sure to change your password often and make it more complex with numbers and capitalization.
Update Any Old WP Themes or Plugins
As a WP user, you are probably familiar with all of the ‘updates’ messages whenever you log into your dashboard. These aren’t in place to keep you annoyed with constantly updating different components of your site, but to instead keep your site safe.
WordPress plugins and themes need updates all of the time, simply because WordPress is also updating all the time. When new patches or versions of WordPress come out, plugins and themes need to make sure they are updated and compliant as well. If not, leaving such plugins and themes as is and not updating can leave open vulnerabilities for bots and hackers to find their way in.
The good news is, many web hosting solutions now offer auto-update for all WordPress core, in addition to plugins and themes as well. If your current web host doesn’t offer these features, another option to explore is The Hub — which is a WordPress management tool hosted by WPMU DEV. This solution also includes access to Automate, which is a service that is included within the Hub to make scheduling updates super easy.
As with all updates, it’s always recommended that you have an updated backup file in place.
Protect Your Home Computer and Devices
Just as important as the health of your online sites and data, is that of the data and health of your desktop and home computer. Since you are likely using your computer to create content for your blog and accessing your WP dashboard, your data could be at risk should your computer, laptop or mobile device be compromised.
Some quick and simple ways to make sure you are protected are as follows:
- Use virus protection software and make sure it’s always up to date
- Change your passwords often and make sure they all aren’t the same
- Only use trusted software downloads and browser extenstions
- Clear your browsing cookies weekly
- Run weekly virus and malware checks on your computer
The last thing you want is for your site to be fully protected and safe, and then later find out your home computer has a key stroke checker and someone was able to gain access to your site or WordPress admin by watching what you do online. It’s rare, but it does happen.
Use Captcha Verifications Where Possible
CAPTCHA forms are super annoying, but they work very well. Having to type in those random letters or choose silly pictures in boxes are just the latest defence when it comes to security, bots and hackers.
Knowing how to set these options up on your site and where is also half the battle.
For example, it’s definitel a good idea to add a CAPTCHA to the main log in page for your WordPress dashboard.
Another good location is on any forms that you might have on your site. By leaving these forms open with a generic submit button only, not only will you see a lot more spam come through, there are also options for security leaks and robot hacks as well.
This can easily be accomplished by using the Google Captcha plugin for WordPress.
While such methods might be annoying on other sites when trying to fill out a form, they might just be a life saver when protecting your own site.
The Security of Your WordPress Site Lies in Your Hands
You should now have a much better idea of not only how to protect your WP powered site, but also the many ways it can become vulnerable and open to online attacks. The more precautions and safety nets you have in place, the more likely you are to avoid any such disasters down the road.
Through the use of premium security options that can be put in place via your web hosting solutions and WordPress plugins, there is no reason why you should ever have to worry about the risk of losing your site.
Run through the list above and see how many of these security settings you currently have in place, and where you can improve upon.