Lesson One: Choose A Theme
Lesson Two: Install A Theme
Lesson Three: How To Choose A Plugin
Lesson Four: Install A Plugin
Lesson Five: Managing Plugins & Themes
Lesson Six: Adding A Menu
Lesson Seven: Widgets!
Lesson Eight: Security
How to keep your website safe from hackers
WordPress is the most popular self-hosted content management system (CMS) on the Internet. So many websites get hacked every day and hackers are constantly trying to find new bugs and vulnerabilities that can be exploited to gain access to WordPress based websites.
You don’t need to be an expert to keep your website safe. Here are some very simple but useful tips to secure your website and protect yourself from vulnerabilities:
Change Your Login Username
When creating a WordPress website the default username is “admin”. Therefore, this is the first vulnerability most hackers will look for. You can protect your website from brute force and other attacks by simply creating a new username that is unique to your site. If you’re installing a new WordPress site, you will be asked for a username during the WordPress installation process.
If you already have a WordPress site, you can change your username in two ways – you can do it manually or use a specialty plugin. The first method is very easy – all you have to do is follow these steps:
- Login to your dashboard as admin
- Add a new user with a custom username and a strong password (minimum 12 characters that do not create a dictionary word) and assign the administrator role
- Log out of admin account
- Log back in as the new user you just created
- Delete the default admin
- Attribute all content of the old admin to the newly added one
- Confirm deletion
- The second method for changing your WordPress username is also very simple. Choose and install one of many plugins like Admin Renamer Extended or Username Changer created to help you change your default admin username.
- Once you have changed your username, you can delete the plugin.
Use Strong Passwords
Passwords like “123456″, “password” and “qwerty” still remain surprisingly popular and it is startling how many people don’t understand the importance of creating a strong password.
Having a hard-to-guess password is the first line of defense against malicious hacker attacks.
Attacks, like a brute force attack, are not executed by individuals; they are performed by bots that test millions of login combinations in a very short amount of time. What qualifies as a good password? The longer and more complicated your password is, the better. Avoid dictionary words and common number series in your passwords.
An easy solution is to use an entire sentence that makes sense to you and that you can remember easily. If you are struggling to come up with something, use a password generator like Norton Password Generator or Strong Password Generator.
Just keep in mind to save your password in a safe location where you can easily find it. Also, changing your password periodically can help your website stay safe, preferably every couple of months.
Limit Login Attempts
Another way to improve security of your WordPress website is to limit the number of failed login attempts per user. If a user enters the wrong password more than specified number of times, you can lock them out temporarily or permanently. Also, we recommend you set an extended period of time a failed login attempt must wait to attempt another login.
We also recommend increasing the wait time with each failed attempt. By following these recommendations, you prevent or slow down a high-performance computer from attempting a large number of rapidly calculated password and username possibilities.
Employ a Two-Step Login Authentication – According to com two step authentication is a method of securing accounts requiring that you not only know the password to log in, but also that you must have another device provide a code that you enter to successfully log in. The benefit of this approach is that even if a hacker guesses your password, they would also need to have access to the device with the access code.
Keep Your Website, Themes and Plugins Updated
It is critical to maintain updated plugins, themes and WordPress to the latest version available. WordPress has introduced automatic background updates in an effort to promote better security. However, it only applies to core WordPress files and not to themes and plugins. They need to be updated via your dashboard or FTP. Having all your files updated to their latest available version is a security must. Also, it is best to delete any plugins or themes that you don’t use because there is a chance you will forget to maintain the updates. Lastly, it is important to delete or replace plugins and themes that are no longer maintained by their developer.
Download Plugins and Themes from Well-Known Sources – Do not download and install plugins or themes from less than well-known sources as they might come embedded with malicious source code. You can purchase and get for free, highly-rated, quality themes from ThemeForest.com and WordPress.org. There are also thousands of plugins and themes free to download from the official WordPress plugin and theme directory. For security reasons, before installation, you should definitely check the ratings of the selected theme or plugin. Also, verify compatibility with the latest version of WordPress and confirm that the last update was in the recent past.
When choosing a premium theme or plugin, we highly advise using the seller’s reputation, volume of sales and ratings to help you determine whether or not you’ll be satisfied. If the theme or plugin has a questionable rating, avoid it at all costs. ThemeForest and CodeCanyon are our go to resources for safe themes and plugins. Their developers are highly vetted and must pass a lengthy and thorough review process for each new theme and plugin submitted.
Backup Your Website Regularly
You must back up your website regularly. Before making any changes, backup your entire database so that in the event of a catastrophe you will be able to restore your site to the saved version within a few hours. You can backup your website manually or use plugins designed to help you perform effective and reliable backups. You should do it regularly or as often as your website changes. Do not keep all your backup copies; you need only the last two versions.
Keeping Your WordPress Website Safe
Employing these safety precautions, will help you avoid most attacks. Keeping your website safe should be a top concern and automated systems can help you with a lot of the effort. These seven tips are the basic security “best practices” for WordPress websites. Your site should – at a minimum – employ these security standards.