WordPress is, in general, a pretty secure platform for bloggers. But because it is open source, it is more vulnerable to hackers, and there are many cases where popular blogs running on the WordPress CMS have been hacked. Building and managing a blog requires a lot of effort, and when hackers make off with all our valuable information, the time and effort put into creating that blog goes to waste.
Hence, it is always advisable to take adequate steps to secure your private information in your blog. Below are simple tips to secure your blog from hacker attacks.
Use your Email ID as the Username
Avoid using the default username “admin”, which is given to you when WordPress is installed. It is one of the things that makes it easy for hackers to break into your account. Change the default username to something that is hard to guess, or simply install the WP-Email plugin, which allows you to log in to your WordPress blog with your email address instead of the default username.
Restrict the number of failed WordPress login attempts
Potential hackers use brute force techniques to crack your password. A brute force attack tries to find your password by entering every single possible password, one after another. Hackers make hundreds of attempts until they succeed in cracking your password.
As a countermeasure, there are plugins that reduce the chance of someone hacking into your WordPress account. Login Lockdown is one such WordPress plugin. It records every failed login attempt along with the number of attempts and the IP address of the user. It allows you to define the number of attempts and the time period for which further login attempts are blocked. So, if a user fails after making several attempts to log in, the system blocks any login requests sent from that IP address for a period of time predefined by you. IP-blocked notifications are also sent to your email address. The plugin also allows you to release an IP block manually.
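The lockout behaviour described above, as an added Python sketch; it is not Login Lockdown's code and not part of the original article. The class name, the thresholds (3 failures in 300 seconds, a 3600-second block) and the sample IP addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginLockout:
    """Per-IP lockout (illustrative; thresholds and names are assumptions)."""
    def __init__(self, max_failures=3, window_s=300, lock_s=3600):
        self.max_failures = max_failures      # failures allowed inside the window
        self.window_s = window_s              # seconds over which failures count
        self.lock_s = lock_s                  # seconds an address stays blocked
        self.failures = defaultdict(deque)    # ip -> times of recent failures
        self.locked_until = {}                # ip -> time the block expires
        self.notifications = []               # stand-in for the e-mail alert

    def is_blocked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            del self.locked_until[ip]         # block has expired
            return False
        return until is not None

    def attempt(self, ip, success, now):
        """Handle one login request; returns 'blocked', 'ok' or 'failed'."""
        if self.is_blocked(ip, now):
            return "blocked"                  # rejected before the password is checked
        if success:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window_s:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lock_s
            recent.clear()
            self.notifications.append((ip, now))
        return "failed"

    def release(self, ip):                    # manual unblock by the administrator
        self.locked_until.pop(ip, None)
        self.failures.pop(ip, None)

# Constructed sample events: (time in seconds, source IP, password correct?)
EVENTS = [(0, "203.0.113.7", False), (20, "203.0.113.7", False),
          (30, "198.51.100.4", False), (40, "203.0.113.7", False),
          (50, "203.0.113.7", True), (60, "198.51.100.4", True),
          (3700, "203.0.113.7", True)]

def replay(events, policy=None):
    policy = LoginLockout() if policy is None else policy
    return [policy.attempt(ip, ok, t) for t, ip, ok in events]
```

In the sample, the request at 50 seconds carries the correct password but is still refused, because the block applies to the IP address rather than to the credentials.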
Update your WordPress blog and plugins
The latest versions of WordPress come with fixes for security holes as well as additions to the product’s functionality. Like any other software, WordPress is vulnerable to bugs and security threats, and these are fixed as and when new versions are released. Hence, it is a good idea to always keep your blog updated. Don’t forget to update your plugins and themes as well. With the latest versions of WordPress you are notified as and when newer versions of your plugins are available.
Use a Strong Password
This is the most crucial thing to do to keep your WordPress blog safe. Yet many people use simple passwords that are easy to guess through modern brute force techniques. Never create a password using your date of birth, name or company name. Choose a password that is a random combination of uppercase, lowercase, numerical and special characters. Let your password contain at least six characters. You also need to create unique passwords for different entry points. If you cannot remember all those passwords, store them in a safe place.
Avoid using Free Themes
Don’t install free WordPress themes you find on Google or anywhere else, because most of them contain dangerous code. If you want to install a free theme, pick one from a reliable company or one approved by WordPress. If you are currently using a free theme, check its footer. Sometimes people add keywords there and hide them by giving them the same color as the blog background. For instance, if the background of your free theme is blue, the keywords will be blue too, so they won’t be visible. And they’re nasty keywords. To make sure none are included in your theme, go to your blog and press Ctrl + A. Any hidden words will then become visible.
Always Back up
Backing up is vital for all websites. Without a backup you cannot retrieve your data when something goes wrong with your WordPress blog. Also, if hackers get access to your site and you don’t have a backup, it will be very difficult to get your site back to its original state. You can back up your data either manually or automatically. It is better to opt for the second method, because that way you never forget to back up and the backups are taken on fixed dates. There are plugins that help you with automated backups. The My Backup plugin is one such tool; it is set to back up every week and notifies you via email.