⌄ Scroll down to continue ⌄

Help, I’ve Been Hacked! How To Secure Your WordPress Site Against Hackers

⌄ Scroll down to continue ⌄
Help, I’ve Been Hacked! How To Secure Your WordPress Site Against Hackers

Of the top 1 million websites, WordPress has a 65% share of all Content Management Systems (CMS) being used. There are currently around 64 million WordPress blogs and websites in existence, making it an incredibly attractive target to hackers.

⌄ Scroll down to continue reading article ⌄

⌄ Scroll down to continue reading article ⌄
wordpress logo

    Just recently, [pullquote position=”right”]WordPress made headlines when it was the subject of a massive botnet hacking attempt, which managed to compromise 90,000 sites.[/pullquote] It did this with a brute force attack, trying to log in with the standard “admin” username and a list of thousands of potential passwords.

    I myself have been the target of WordPress attacks in the past, but by following these simple steps, I’ve managed to thwart off potential attackers since.

    ⌄ Scroll down to continue reading article ⌄

    ⌄ Scroll down to continue reading article ⌄
    • The number one most important thing is to make sure your WordPress version, themes, and plugins are all updated to the latest version. These updates often include bug fixes and patches to secure against attacks. Updating all of these is easy! When you log into WordPress, the admin bar at the top of the screen will alert you if there are any updates available. Simply click on the update button and you can update everything to the latest version in just a few seconds!

    wordpress updates
      • It’s also important to delete any themes and plugins that you’re not using. Every theme and plugin is another potential way that hackers could get into your site. If you’re not using it, get rid of it!
      • Change your default username. The username “admin” should be one of the first things you change. In fact, if you’re doing a new WordPress installation, just choose a different username to begin with. This default username is how 90,000 WordPress blogs were hacked recently. Unfortunately, it’s all to easy to figure out if someone has changed the default username or not. If you want to see, just look at the screenshot below. If you try to log in with the username “admin” and the wrong password, WordPress actually comes back with an error saying, “The password you entered for the username admin is incorrect.” If that username doesn’t exist, WordPress returns a different error: “Invalid username.” I’m not sure why it announces to the whole world which usernames exist and which don’t, but changing from the default username is one of the best things you can do to improve the security of your WordPress installation.

      ⌄ Scroll down to continue reading article ⌄
      ⌄ Scroll down to continue reading article ⌄
      wordpress admin login screen
        • You should also change the standard log-in URL from yoursite.com/wp-admin to something else. It amazes me how many BIG websites haven’t even made these simple changes! Give it a try on some of your favourite websites; you’ll be surprised how many haven’t even covered the basics when it comes to security.
        • Set a secure password – don’t use dictionary words. Use a combination of upper and lower case letters, numbers, and special characters. This is not unique to WordPress; you should be employing this practice on anything that requires a password, like internet banking or computer passwords.
        • Enable 2-step authentication on your WordPress site. This is pretty straightforward to do and is something you’ve probably seen if you use internet banking. An example is if you try to transfer money, it will send a unique code via SMS to your phone, which you have to enter in addition to your regular password.
        • Remove all default posts, comments, pages, etc. as these indicate that your site might be fairly new and make it a more attractive target.
        • Change the prefix on your database tables from the default “wp_” to something else. As with the default username, this is something you can actually set when first installing WordPress.
        • Hide your WordPress version number. This way, it won’t stand out to hackers if you’re not using the latest version.
        • Back Up! There are plenty of great backup plugins available, and many are free. If the worst happens and you are hacked, you’ll be back up and running in no time.

        Are you ready for some great news? You can implement most of the ideas above and MORE with the click of a button. How? Install the Better WP Security plugin. It even has some advanced features like blocking IP addresses that attempt to log in (incorrectly) too many times, and you can create a blacklist of IPs. I’m surprised how many e-mails I get alerting me that people are trying to either log into my site or trying to access a URL that doesn’t exist (usually the default log-in page at /wp-admin/). You can also use the IP tracer to see where the attempt originated from (most of mine seem to be from Russia or China).

        Do you have a great WordPress security tip? Leave it in the comments below!

        ⌄ Scroll down to continue reading article ⌄
        ⌄ Scroll down to continue reading article ⌄

        And if you want to take WordPress to the next level, check out this article: Top WordPress Plugins for the Smart Blogger.

        More by this author

        How to Find the Cheapest Flights
        How to Find the Cheapest Flights
        How to Get the Best Hotel Deals
        How to Get the Best Hotel Deals
        21 Ways to Get the Best Travel Deals – Car Rental
        21 Ways to Get the Best Travel Deals – Car Rental
        The Impact of the Electric Car
        The Impact of the Electric Car
        Help, I’ve Been Hacked! How To Secure Your WordPress Site Against Hackers
        Help, I’ve Been Hacked! How To Secure Your WordPress Site Against Hackers

        Trending in Technology

        1 25 Apps For College Students To Boost Productivity 2 How to Make Private Browsing on Safari Truly Private 3 27 Excel Tricks That Can Make Anyone An Excel Expert 4 Secure Your Internet Privacy With This Guide 5 10 Best Spy Apps for iPhone in 2022

        Read Next

        Advertising
        Advertising

        Explore the Full Life Framework

        Advertising
        Advertising