So how to we prevent hackers from getting into our website, and improve the security or our WordPress installation?
Well here are some tips that every WordPress website or blog owner should implement, to keep their website secure and free from attacks.
1. Keep Your WordPress Version Updated
WordPress is constantly updating its code and making security improvements. The moment that these updates become available, you should click the ‘Auto Update’ button at the top of your WordPress dashboard, to ensure you are always running the latest version.
2.Keep Your Plug Ins Updated
Plug in vendors are also making security updates to their code and these should be checked regularly for updates.
Available updates are easily seen in the WordPress dashboard, as a number in a circle will disply next to the ‘Plug ins’ link on the WordPress dashboard.
3.Ensure You Use Secure Passwords
Yes, I know every one tells you that you need a complicated password for your WordPress login – and we also all know that complicated passwords are difficult to remember!
A strong password should have a mixture of characters (!*&@#), Capital letters and small letters, together with numbers.
So heres an easy tip to make a strong password thats easy to remember.
Think of the name of your favorite song
Add some characters and numbers to this – for example, if my favorite song was ‘Candle In The Wind’
It could become
Although this would not be as secure as a totally random selection of characters, letters and numbers, it is still a very strong password, that should keep the cyber criminals at bay!
Install a Security Plug In
A WordPress security plug in such as ‘BruteProtect’ is a light weight that will add a security layer to your website.
‘BruteProtect’ records the IP address of any failed attempt to login to your WordPress dashboard. If the login fails after a specified number of attempts, it then locks out this IP from further login attempts for a pre-determined period of time.
Use a good hosting provider.
A good host will use its own security software, and run regular malware scans of its server. You should check with your host that they use BruteForce protection which, like the ‘BruteProtect’ WordPress plug in prevents multiple failed login attempts to your hosting back end.
Keep Your Personal PC Virus Free
Whilst all of the above discusses malicious attacks directly from the web, an infection on your own computer, with any type of keylogger, could give cyber criminals access to your WordPress and hosting account (as well as other programs that you may log into from your PC)
You should ensure that you use a good up-to-date Anti-virus software on your PC and run regular scans.
If in the event your personal PC does get infected, you should let your host know immediately, so they can scan your website files and quarantine any infections.
You should then cleanse your own computer, before updating your WordPress, and hosting account passwords.
Finally, keep an up-to-date backup of your website on your own PC, as this can be restored should the worse happen!