WordPress Security Techniques & Plugins to Protect your Website
It should be no secret by now that hacking is the new big business online. There seems to be at least one major hack per week being reported, not to mention smaller ones which don’t make the news. What chance do you, the average website owner who used a simple WordPress template to build your website, have against all of this?
If you’re smart, if you stay on top of your website, and if you read this simple guide, you have a great chance. Online security doesn’t have to be as complicated as learning the whole new language that is programming. It can be as simple as using a few key plugins, apps, and techniques that make your website not worth a hacker’s time.
1. Every password used must be strong
I know it seems simple, but so many people still get it wrong. Every list of the most common passwords still has ‘password’ and ‘123456’ listed very near the top. This usually isn’t too bad with WordPress websites as WordPress will generate a relatively strong password for you by default. Many people use that password and get that much right.
However, two common issues come up:
- Other users are given access to the WordPress site and their passwords are weak.
- cPanel passwords are completely neglected.
Fixing the first involves working with those you give access to the WordPress site and making sure they know the importance of a strong password. You can even set a strong one for them when you give them an account and encourage them to use one as strong as it.
The second is a concern because, even though your control panel is not directly connected with your WordPress site, it is still a way your site can be hacked. It is a piece of software from your web host, and you can typically access it by adding “/cpanel” to the end of your web address. You need to use a strong password for access here as well.
Before I go on to the next point: no, “strongpassword” is not a strong password. You need a mix of upper and lower case letters, numbers, and symbols. Try “?Str0ngPassw0rd!” as an example. Those are zeroes, there’s upper and lower case, and two symbols.
Even that isn’t the strongest example. A password management tool will help even more. It can create complex passwords over 20 characters long that are just random letters, numbers, and symbols.
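One way to make the rule in this section stick for every account, not just your own, is to have WordPress refuse weak passwords when an account is created or edited. The following is an added example, not code from the article or from any plugin it mentions: a must-use plugin that applies the article’s criteria (upper and lower case, numbers, symbols, nothing from the common-password list). The denylist, the 12-character minimum and the esp_ names are my assumptions.

```php
<?php
/**
 * Plugin Name: Enforce Strong Passwords (added example)
 * Description: Rejects weak passwords for every account at profile create/edit
 * time, using the article's criteria. Save this file as
 * wp-content/mu-plugins/enforce-strong-passwords.php to activate it.
 */

// Assumption: a short hand-picked denylist; load a real breach corpus in production.
const ESP_COMMON_PASSWORDS = array( 'password', '123456', 'qwerty', 'strongpassword' );
const ESP_MIN_LENGTH       = 12; // assumption; the article's own example is 16 characters

// Return a list of problems with $password; an empty list means it passes.
function esp_password_problems( $password ) {
    $problems = array();
    if ( strlen( $password ) < ESP_MIN_LENGTH ) {
        $problems[] = 'must be at least ' . ESP_MIN_LENGTH . ' characters long';
    }
    $rules = array(
        '/[a-z]/'        => 'needs a lower-case letter',
        '/[A-Z]/'        => 'needs an upper-case letter',
        '/[0-9]/'        => 'needs a number',
        '/[^A-Za-z0-9]/' => 'needs a symbol',
    );
    foreach ( $rules as $regex => $message ) {
        if ( ! preg_match( $regex, $password ) ) {
            $problems[] = $message;
        }
    }
    if ( in_array( strtolower( $password ), ESP_COMMON_PASSWORDS, true ) ) {
        $problems[] = 'is on the common-password list';
    }
    return $problems;
}

// Fires for new accounts (wp-admin/user-new.php) and for profile edits, so the
// accounts you hand to writers are checked exactly like your own.
function esp_validate_profile_password( $errors, $update, $user ) {
    if ( empty( $user->user_pass ) ) {
        return; // no new password was submitted on this save
    }
    $problems = esp_password_problems( $user->user_pass );
    if ( $problems ) {
        $errors->add( 'weak_password', 'The password ' . implode( ', ', $problems ) . '.' );
    }
}
add_action( 'user_profile_update_errors', 'esp_validate_profile_password', 10, 3 );
```

With this in place, “?Str0ngPassw0rd!” from the text is accepted, while “strongpassword” is rejected on three counts (no upper case, no number, no symbol) plus the denylist hit.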
2. Use CAPTCHA on your Login page
The people you work with on your webpage, especially freelance writers, will find this tedious but they’ll thank you …never. On the other hand, adding a CAPTCHA to your login page is one more way to keep a bot or script from successfully logging into your WordPress website via a brute-force attack – you’ll keep those writers in a job.
An often-used and well-reviewed CAPTCHA login tool is CAPTCHA by BestWebSoft. You can use it on any web form, the login page being just one example. You can choose which letters and numbers you want displayed, it uses simple math problems to gain entry, and it comes in 39 languages.
3. Use a VPN when logging into your WordPress website
One of the most vulnerable moments for your website is when you’re entering your password. This goes double for when you’re using WiFi, and the danger is off the charts when you’re using a public WiFi connection.
This is because of a favorite hacker trick where they insert themselves between your computer and your Internet connection. This can be a man-in-the-middle attack or a fake WiFi attack; they’re basically the same thing. Both involve a hacker gaining access to the information you’re sharing with WordPress and being able to see your password as clearly as anything else you type – and they will see everything else you type during these types of attacks.
A VPN will protect you by encrypting your entire connection to the Internet. Hackers will not be able to decipher your password from the string of meaningless encryption you’re transmitting when you connect to your VPN. Check out our 10 best VPN review list to start learning about which VPNs are your best option.
4. Plugins are a great threat – limit access
The number of bloggers out there giving away free information to hackers is pretty high. Hackers need information to hack, and your WordPress plugin directory, found at www.yourdomainname.com/wp-content/plugins, can be a goldmine. They can find a plugin there which they know to be weak, and get to work at attacking it.
You can block access to this by uploading a blank index.html file to that directory. Then, when a hacker goes to take a peek at it, all they see is a blank page.
5. Stay updated and don’t show your WordPress version
Keeping updated with the latest WordPress release is so, so smart because most of these updates are all about security. WordPress is ready to go; it doesn’t need much performance or ease-of-use work, but there are always security updates as new vulnerabilities are discovered. It’s free security – use it.
On the other side of things, freely displaying which version of WordPress you’re using is another piece of free information that a hacker can steal. If they find that you’re not updated and are using a vulnerable version, they’ll take that information and you will experience …unpleasant things, depending on the vulnerability. Here’s a simple guide to hide your version number on WordPress.
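The version-hiding step itself, as an added example that is not the article’s linked guide or any plugin’s code: a must-use plugin that removes the version number from the places WordPress prints it (the generator meta tag, feeds, and the ?ver= query string on core scripts and styles). The hwv_ function name and the filter priority of 15 are assumptions.

```php
<?php
/**
 * Plugin Name: Hide WordPress Version (added example)
 * Description: Removes the WordPress version number from the places core prints
 * it: the generator meta tag, feeds, and ?ver= on core scripts and styles.
 * Save as wp-content/mu-plugins/hide-wp-version.php to activate it.
 */

// 1. <meta name="generator" content="WordPress x.y.z"> in the page <head>.
remove_action( 'wp_head', 'wp_generator' );

// 2. The generator element in RSS/Atom feeds. Returning an empty string
//    blanks it for every feed type in one go.
add_filter( 'the_generator', '__return_empty_string' );

// 3. Core assets are enqueued as e.g. /wp-includes/js/jquery/jquery.min.js?ver=x.y.z,
//    which publishes the same number on every page. Strip "ver" only when it is
//    exactly the core version, so plugin and theme cache-busting keeps working.
function hwv_strip_core_version( $src ) {
    global $wp_version;
    if ( ! $src || strpos( $src, 'ver=' ) === false ) {
        return $src;
    }
    $query = wp_parse_url( $src, PHP_URL_QUERY );
    wp_parse_str( (string) $query, $args );
    if ( isset( $args['ver'] ) && $args['ver'] === $wp_version ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
// Priority 15 is an assumption: it runs after default-priority filters that
// other plugins may use to rewrite the same URL.
add_filter( 'script_loader_src', 'hwv_strip_core_version', 15 );
add_filter( 'style_loader_src', 'hwv_strip_core_version', 15 );
```

Hiding the number is obscurity, not a fix: the update itself is what closes the vulnerability, and the readme.html file in the site root still states the version unless you remove or block it.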
6. Backup your backups
Say the worst does happen and a hacker gets access to your website and deletes everything – after they steal all your data. What now? You better have a backup version of your WordPress Database, and your WordPress files, to restore it.
The easiest way to back up your files is to go to Tools > Export > Export file. This .xml file will have all of your posts, pages, comments, fields, categories, and tags in it.
If you find that all of your information is gone, or part of it is missing, and you want everything back up to date, go to Tools > Import > WordPress and select the .xml file.
If there are certain pages that weren’t in your backup file, fear not, for there are others who do have backups – Google, Yahoo and Bing. Remember that these search engines do not search the Internet itself; they search their own stored copies of it. This means that they have your pages on their servers as cached files. Do a search for the pages of yours that are missing. Don’t click on the search result, as the page is gone from that location and you’ll feel foolish.
7. Please, please stop trusting every download source:
Downloading plugins makes using WordPress easier. Do you know who else finds plugins easy for their purposes? Hackers. They can simply install a little piece of malware into a plugin and have access to your website as if you had opened the door for them.
Only download from trusted websites; WordPress’ own Plugins page is pretty much the only place I’d trust. Even then I’d choose plugins with a good reputation built through numerous reviews. Stay off of warez, torrents, and unknown websites, as they’re just not worth the risk.