10 ways to secure your WordPress site

Sometimes your WordPress site isn’t secured well at all. Some methods I discuss how to deter are like leaving your front door open with the key in it! It’s just waiting for someone to find out and walk in then take what they want and get out.

Encrypt your dang login!

When you login to your site, your password isn’t encrypted. This means if you are at Starbucks or public wifi spot information sent could easily be picked up by a hacker that only wants to do harm. I recommend the chap-secure-login plug-in. It adds a random hash to the end of your password to protect your login

Keep track of your authors privileges

As we all know people sometimes gain our trust and then completely break it. Take this into consideration when managing your site. Define what authors can and can’t do so you won’t have to deal with a mistake in the future. Install role manager to help you.

Remove your version info!

There are many security vulnerabilities in specific versions. Just by looking at the source code of your site, they could get a hold of this and make a version specific attack towards you.  To remove this info go to your dashboard, then theme editor and look for

Backup your database!

You might be super secure. That’s good but maybe there’s a bug that could delete important files you don’t want gone. Backup your database with this plug-in. Do this regularly incase worse comes to worst.

Do regular scans

Just as your computer needs to be scanned, so does your wordpress site! Why don’t you use this plug-in to check for up to date loopholes and exploits that have been found by various people

Change your login name

It isn’t that hard for a hacker to crack the login when the default it usually “admin”. Don’t fall for this tomfoolery. Change it to something unique to you that you would remember of course. Go to Users and set up a new user account. Give this new user administrator role. Log out and log in again with the new user account. Go to Users again. Check admin. Delete it. When it asks you to confirm it select “attribute all posts and links to:” and select your new user. Bam, confirm and you’re done

Sometimes people try too hard…

Sometimes hackers use something called brute-force. This means they use a program to try every combination possible. Install login-lockdown. This will record the IP of each failed login attempt. After a select number of tries it will disable login in that location. Make sure you don’t forget your own password! This plug in would not be helpful in that case.

Protect your admin directory!

Wp-admin is very important. Use this plug in to protect it by password. This is very important. If someone somehow gains access to this folder, they could wreak havoc. You don’t want this.

Upgrade, Upgrade!

Upgrade all of your plug-ins when they come out with update. Also update your wordpress version. Many fixes for bugs and vulnerabilities are almost always in latest updates.

Make your passwords alpha-numeric!

Even though I showed you a plug-in to secure your password further with the hash at the end, there are still more measures. Make sure you have letters and numbers in your password! This makes it harder for someone to figure it out!

Leave a Comment