Over the years, WordPress has become the most popular content management system for businesses and individuals alike. In fact, as of 2017, there are over 17 million WordPress websites out there, which means that just over one quarter of the web, and at least three quarters of blogs (such as this one), are powered by this service.
As impressive as this is, it also means that taking good security measures is imperative to protecting your website. And there is a very good reason for this: every day over one million new strains of malware are created to attack sites! All it takes is one identified infection to have your website blacklisted by Google. Each week over twenty thousand websites are blacklisted by Google for containing malware, and a further fifty thousand are identified as phishing sites. You might remember our blog post from a couple of months back, when we reported that earlier this year around 1.5 million WordPress websites were hacked following a vulnerability disclosure. Unfortunately, attacks on websites are a very serious problem that needs our attention.
Fortunately, there are some simple steps you can take to secure your website so that, hopefully, you won’t become a victim of cyber-attacks. Below are simple steps for securing your WordPress website.
Do not use the Default Login Username
A lot of people forget this simple security step, but it is very important in securing your website. It’s really simple: do not have ‘admin’ as your WordPress login! Brute-force attacks work by going to your website login and trying ‘admin’ with one password after another. This is the basis of most website hacking attempts. Simply removing ‘admin’ as your login will stop this attack outright and make it a lot harder to access your site.
Choose a CLU Password
Remember this acronym: CLU = Complex. Long. Unique. It may seem obvious, but a bad password is how websites, email accounts, online bank accounts, etc., are hacked on a daily basis. Do not make it easy for hackers: ensure your passwords are complex, long, and unique. That simply means designing passwords that contain multiple numbers and capital letters, that are different from any other passwords you may have, and that are at least 16 characters long.
Use Two-Factor Authentication
Even a secure username and password may not be enough to completely secure your website. Two-factor authentication is an additional layer of security that makes attacks even less likely. Most online banks use this system and it’s fairly simple: once your unique username and password are typed in, you will then be asked a question whose answer you and only you will know. This will be the final line of defence against a brute-force attack and it nearly always works. Fortunately, there is a great plugin for this: Google Authenticator.
Limit the Login Attempts
This setting is imperative in optimizing your WordPress security. You can simply limit the number of login attempts from a certain IP address, or you can use a dedicated IP address for your login. This should further stop remote access to your website.
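One way to apply a per-IP limit without installing a plugin, as an added example that is not part of the original post: a must-use plugin built on WordPress's `wp_login_failed`, `authenticate` and `wp_login` hooks. The file location, the `lt_` names and the limits (5 failures, 15 minutes) are assumptions chosen for illustration.

```php
<?php
/**
 * Added example, not from the original post: per-IP login throttle.
 * Assumed location: wp-content/mu-plugins/login-throttle.php
 */

const LT_MAX_FAILURES = 5;   // failed logins allowed per address (assumed value)
const LT_WINDOW_SECS  = 900; // counter lifetime and lockout length (assumed value)

// Transient key for the connecting address. md5() only normalises the key
// (IPv6 addresses contain ':'); it is not a security control.
// Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address; use the
// client IP from a header that only your own proxy is able to set.
function lt_key(): string {
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    return 'lt_fail_' . md5( $ip );
}

// Count each failed login until the limit is reached. Attempts made while
// locked out are not counted, so the lockout ends LT_WINDOW_SECS after the
// last counted failure.
add_action( 'wp_login_failed', function () {
    $key      = lt_key();
    $failures = (int) get_transient( $key );
    if ( $failures < LT_MAX_FAILURES ) {
        set_transient( $key, $failures + 1, LT_WINDOW_SECS );
    }
} );

// Priority 99 runs after WordPress's own username/password check
// (priority 20), so a locked-out address is refused even when the
// submitted password is correct.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( lt_key() ) >= LT_MAX_FAILURES ) {
        return new WP_Error(
            'lt_locked_out',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 99, 3 );

// A successful login clears the counter for that address.
add_action( 'wp_login', function () {
    delete_transient( lt_key() );
} );
```

Because XML-RPC logins also pass through the `authenticate` filter, the same limit applies there as well as on the login form.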
Stay Up-To-Date with WordPress Updates
A big part of the reason why so many websites were attacked back in February was that WordPress users did not update their systems. This simple step further secures your website from hacking. Fortunately, you can change the settings in WordPress to make all updates automatic. If you elect not to use this option, then at least make sure you keep on top of updates yourself. The vast majority of hacked websites are compromised simply because they run outdated versions of the CMS or of WordPress plugins.
Consider a Good Security Plugin
Security plugins are designed to ensure that your website is as secure as possible. Not only do they block attacks, but they also constantly monitor your system for suspicious activity and respond quickly to threats. There are plenty of great plugins out there that secure websites. We recommend Sucuri, but do some research and find a plugin that is right for you.
That should get you started. There are plenty of other measures you can take to secure your WordPress website, so be sure to read other blogs on the subject to maximize your online security efforts!