If you’re like 75 million other sites online, there’s a good chance your website runs on the WordPress platform. It’s not really surprising, since it’s user-friendly, free and there are plenty of options to create just about any site you can imagine. Unfortunately, this means that the platform is very attractive to hackers. However, there is a bright side to this.
With all the “easy pickings” out there, chances are that if you make your site a difficult target, most hackers will simply move on to greener pastures. In fact, many hackers simply use automated programs in an attempt to exploit known holes in your site’s security. This means that a few simple changes can go a long way toward making your site an undesirable target for most hacking attempts. Here are some of the easier ones you can use right now:
Don’t Use The Default Admin Name
If someone is trying to get into your account by guessing your username and password, using the default “admin” username is giving them half the answer already! Changing your username makes it much, much harder for intruders to gain access to your backend. In fact, most automated hacking programs will be programmed to try to find the password for the admin username. If that account does not exist, then they won’t succeed no matter how hard they try.
Use A Very Strong Password
Along with changing your username, make sure that you pick a password that won’t be easily guessed. That means including a combination of upper and lowercase letters, numbers and also symbols. This may seem like it falls under the kind of common sense information that everyone should already know, but despite all the warnings and examples, people will still use “123456” and feel secure.
Upgrade As Soon As New Versions Come Out
While the newest version of WordPress has automatic background updates, this tip applies to plugins as well. Whenever an upgrade is available, your first priority should be to install it. These upgrades very often plug known security holes. Keeping the old versions means that you’ll be at a greater security risk. Having everything up to date means that you’ll be as secure as possible.
Move Your Configuration File
Your wp-config file contains all the information a hacker needs to gain access to your site and database, and it’s pretty easy to find. Luckily, one great feature of WordPress is that if it does not find the file in the usual place, it will look in the directory above the one it is installed in. Taking advantage of this, you can move your wp-config file out of the public_html (or www) directory, and your file will be safely locked away in a more secure and private directory. If you’re not comfortable doing this yourself, be sure to consult your web technician or webmaster.
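After moving the file, it is worth confirming that WordPress will still find it and that it really sits outside the web root. The script below is an added example, not part of the original article; it assumes WordPress is installed directly in the web root, its function names are made up for illustration, and the file-permission check is an extra that the article does not mention. It also covers one catch in the parent-directory lookup: WordPress ignores a wp-config.php in the parent directory if that directory contains its own wp-settings.php, meaning it is another WordPress install.

```shell
#!/bin/sh
# Added example: report where WordPress will load wp-config.php from.
# Assumes WordPress is installed directly in the web root (e.g. public_html).
# Usage: sh wpconfig_audit.sh /path/to/public_html

# Print docroot, parent, shadowed or missing for the given WordPress root.
wpconfig_location() {
    root=${1%/}
    parent=$(dirname "$root")
    if [ -f "$root/wp-config.php" ]; then
        echo docroot
    elif [ ! -f "$parent/wp-config.php" ]; then
        echo missing
    elif [ -f "$parent/wp-settings.php" ]; then
        # WordPress skips the parent copy when the parent directory is
        # itself a WordPress install (it contains wp-settings.php).
        echo shadowed
    else
        echo parent
    fi
}

# Succeed if "other" users can read the file (extra check, not from the page).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Return 0 when the config is outside the web root and not world-readable.
wpconfig_audit() {
    root=${1%/}
    loc=$(wpconfig_location "$root")
    case $loc in
        docroot) cfg=$root/wp-config.php ;;
        parent)  cfg=$(dirname "$root")/wp-config.php ;;
        *)       echo "FAIL: WordPress will not find a wp-config.php ($loc)"; return 2 ;;
    esac
    status=0
    if [ "$loc" = docroot ]; then
        echo "WARN: $cfg is still inside the web root"; status=1
    fi
    if world_readable "$cfg"; then
        echo "WARN: $cfg is readable by every local user"; status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: $cfg is outside the web root and not world-readable"
    fi
    return "$status"
}

if [ "$#" -gt 0 ]; then wpconfig_audit "$1"; fi
```

The web server still has to be able to read the file, so on hosts where it runs as a different user than the file owner, grant that access through the group rather than to everyone.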
Hide Your WordPress Version
Some automated hacking systems look for particular versions of WordPress that they know have security holes. By removing your WordPress version from your header, they will not have access to information that will prompt them to try the exploits. This is particularly useful in the event that you are unable to update WordPress straight away. You can find a good guide for doing this yourself here. Or, if you are uncomfortable doing this yourself, be sure to consult your web technician or webmaster.
These tips won’t make you invulnerable to malicious programs or hackers, but they will make you a less attractive target. Do you have other ideas for securing your WordPress site? Share them in the comments below.