How to Make Sure your WordPress Website is Safe and Secure

How to Make Sure your WordPress Website is Safe and Secure

Andy Holland

Security is important. There are plenty of people out there wanting to steal your information and render your site useless. This vulnerability is especially worrying for the WordPress user. As the most widely used CMS, it’s a commonly targeted by hackers through DDOS attacks.

These are often automated attacks which seek out those users which are using default usernames, outdated installations and weak passwords. Don’t expose yourself to this threat. Here’s 5 ways to strengthen your WordPress fortress and keep it free from unwanted visitors.

Don’t use the default username

In an effort to bolster their security many users create a super complex password, but what about the username? Those which haven’t been changed since their inception – usually the default ‘admin’ – are most susceptible to attack. To create a new user, simply go into ‘Users’ and click ‘Add New’. Be sure to give it the role of ‘Administrator’ for complete authority and choose the setting to transfer all old posts to the new username. Now login in with those new details and delete that old username.

Download an IP address blocker plugin

The brute force attack is become increasingly widespread. This method of repeatedly attempting to crack a user’s login is surprisingly effective. To overcome this form of hacking, be sure to download a plugin such as Login LockDown or BruteProtect. These monitor each failed login attempt, and detect the IP range from which their occurring. After a few failed attempts, the Plugin will disable all logins from that IP address.

Blacklist IP addresses

This should only be considered for the one-person blog or very small organisation. For the very cautious it provides complete reassurance. By blacklisting all IP addresses apart from your own, any and all hackers will be locked out before getting started. It’s quick and easy to do by adding code in the /wp-admin/ folder, but seek out a WordPress professional to help you. Be warned though, for those who use several IP addresses it can be annoying. You would have to constantly add the new IP address which for some, is simply too much hassle.

Never allow guest registrations

Unless you have a membership site, or online shop where this will be a fundamental part of your site. Otherwise, there is no good reason to allow visitors to register for an account. Ensure this facility is switched off, by clicking on ‘Settings’ and unchecking the option for ‘Anyone can register’.

Always upgrade

Upgrading is an essential part of WordPress, but many users neglect to click that ‘update’ button. It may seem like a waste of time, but this could leave you open to attack. Making software more resistant to hackers is one of the many reasons software is upgraded. Be sure to upgrade all plugins, get up to date with the latest version of WordPress, and download the latest version of your theme. The WordPress update is now automated and a one-click process. There’s no excuse for avoiding this key safety measure.

Andy Holland

Author Andy Holland

More posts by Andy Holland