WordPress is AWESOME…!
You can do so many things with the platform and make it look/act/feel like almost any form of website. Everything from an authority type blog, to a sales/squeeze page, to a membership site, to a portfolio for your work or a gallery for your photos! I just love it… There is no shortage of cool themes and plugins to use also that add great looks and great features to your site.
Due to it’s public domain existence and it’s global distribution and use, it is inherently a target for hackers.
Here is Part 1 of my short list of important and fairly simple tricks, techniques and methods that will help keep those nasty hacking b*ggers at bay. WordPress security should be one of your important thoughts and tasks anytime you create or update a blog or WordPress website. Remember though… there is no absolute foolproof means of locking them out permanently as they search relentlessly for flaws in new & old plugins, widgets and themes every second of every day! This means that if you don’t keep up with changes and know a smidgen about your site’s security… you are asking for trouble!
TIP #1 – Never, Never, NEVER Use Admin for your Username!
If you think about it, by using “Admin” or admin or administrator as your username when you first set up your WordPress site you have just made the hackers job 50% easier and 50% faster. You’ve given them 1/2 of your log in sequence… DUH! So the simplest and easiest and one of the most effective ways of keeping them out of your system is to just use something cryptic as your username. Pick part of your name and a number, use your pet name or your nickname… just use ANYTHING other than admin.
Here’s why (note- I started monitoring the log-ins Sept 9, 2012 and by June 7, 2013… 10 months later… there were 7,502 attempts to log in):
On the morning of May 30, 2013 a hacker using a brute force attack using many different IP addresses tried from 2013-05-30, 3:53 AM through to 2013-05-30, 7:04 AM… 6113 times (or almost 1 time per second) using the Username “admin”. Do you think he got in… uh uh!
No way because I simply did not use admin for a username. Would he have obtained access if I had used admin… probably!!
TIP #2 – Use A Complex Password
As you can see by above… it is not IF you are going to be attempted to hack in to your site but WHEN and HOW OFTEN… those are really the true questions. So if you have used something other than Admin/admin for your USERNAME… what did you use for your PASSWORD?
These days a 4-5 character word or set of numbers is just not even remotely good enough. You can see that hackers now use sophisticated software to hammer away at your site and throw every combination of numbers and letters and words at it hoping they will get lucky.
You need to use at least 8-10 characters AND use UPPER/lower case letters, along with numbers AND special characters such as #$&*_- to be truly safe from these brute force attacks. Use a free password reminder software such as LASTPass or Roboform to remember these difficult passwords as it is a cinch that you won’t !! Another tip is to create a short phrase using numbers as letters and adding in the odd character as a letter. That way you might be able to remember it without the software. Something like this – I love puppies turns in to 1l0v39@99i3$ so as long as you “love” puppies that may work for you and be quite a strong password.
TIP #3 – ALWAYS Update Your Themes, Plugins, WordPress Often
If you think about it… why are they continuously updating those darn plugins, themes and WordPress its self? It sure isn’t just to tick you off and make more work for you… its due to the fact that they’ve found flaws in the coding of them which need to be patched. These flaws are what the hackers dream about at night, searching for new, clever ways to infiltrate your site and do what they want with it.
Check in to your installs at least once a week to ensure that everything is up to date. An updated website/blog is a simple and efficient way to ensure you are getting the newest features AND helping plug holes in the coding to keep the bad guys out.
Continued in my next post… Stay Tuned To Find Out What Simple Plugins You Can Use To Block Hacks!