WordPress has evolved far beyond the standard blogging platform it was originally built as into a full-fledged open-source Content Management System (CMS). Today, many businesses use WordPress to power their websites, blogs, or even online stores. Earlier this year, Matt Mullenweg, the founder of WordPress, pointed out that about 20% of websites (over 60 million) on the Internet are running on WordPress with a staggering total of 4 billion monthly page views.
The popularity of the platform, however, does not always benefit the companies that use it. Its fame and openness have lured many hackers to try to hack business websites that use the platform. According to research conducted by Forbes, about 30,000 WordPress sites were hacked every day in 2013. Although a few major updates released by WordPress have fixed most of its security flaws, the platform is still very much prone to hacks and malware.
So how can you secure your WordPress sites? Keep reading to find out how you can protect your WordPress sites easily – even if you are a beginner!
1. Delete The Default “Admin” User
By default, the username of your WordPress administrator is set to “admin”, which you can’t change. Most people simply can’t be bothered to create a new user account with the administrator role. This makes it much easier for hackers to sneak into your site, as they can focus 100% on getting your password using the brute force method. If your password is not strong enough, chances are they can gain access to your site within minutes!
To avoid this, first create a new user account (if you haven’t already) from the “Users” page on your WP Dashboard. It’s best not to use your own name as the username, as it’s too easy for people who know about your website or company to guess. For the best protection, use a random or complex combination of username and password. Also, don’t forget to set the role of this new user to “Administrator”.
Once you have created this new “Administrator” account, log out of the Dashboard and log back in using the new account you just created. Go to the “Users” page again and then delete the default “Admin” user. This way, hackers will no longer be able to brute-force the password of your “Admin” user.
2. Change The Default WordPress Admin URL
Another crucial security element set to ‘default’ for all new users on WordPress is the admin page URL, which is /wp-admin (e.g. sitename.co.uk/wp-admin). This gives hackers the luxury of not having to guess or work hard to get the location of your key page.
To change the admin URL of your WordPress site easily, you can use one of the following plugins: LockDown WP Admin, Better WP Security, or HC Custom WP-Admin URL. These plugins will conceal the administration login page from hackers and redirect them to a different page (e.g. a 404 page). My personal favourite is the Better WP Security plugin as it offers the simplest settings interface.
Installing a WordPress plugin is pretty straightforward from the “Plugins” page on your WP Dashboard and requires no technical knowledge whatsoever. You can refer to this page if you need any help or guidance.
3. Avoid Using Easy-To-Guess Passwords
Everyone knows this, but ironically the majority of WordPress site hacks are caused by weak passwords. So what are the criteria of a strong password, then? You can use the mini checklist below to make sure your password is rock solid.
- Use the 8-4 password rule, which is a minimum length of 8 characters with 4 different types of characters (1 uppercase, 1 lowercase, 1 number, and 1 special character). If you can’t be bothered to be creative with your passwords, you can use a strong password generator that implements this rule.
- Avoid using the same passwords across multiple different websites. To put it simply, don’t put all your eggs in one basket!
- Bad grammar and spelling make good passwords. If your passwords contain a word, phrase, or name, ruining its grammar or spelling will actually make your passwords more secure (e.g. ihas4Dog*, HapPyN3ss!). You get the idea.
- Change your passwords at least once every 6 months.
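The checker and generator below are an added example, not part of the original article: they implement the 8-4 rule from the checklist above in Python, using the operating system's secure random source. The function names and the default length of 16 are assumptions of this example.

```python
import secrets
import string

# The four character classes of the article's "8-4" rule.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "special": string.punctuation,
}
MIN_LENGTH = 8


def missing_requirements(password):
    """Return the 8-4 rule requirements the password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            problems.append(name)
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies the 8-4 rule.

    Uses the OS CSPRNG via `secrets`; the default length of 16 is an
    assumption of this example (the rule itself only requires 8).
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    everything = "".join(CLASSES.values())
    # One guaranteed character per class, the rest drawn from all classes.
    chars = [secrets.choice(alphabet) for alphabet in CLASSES.values()]
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    # Shuffle with the CSPRNG so the guaranteed characters have no fixed position.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # The first two candidates are the article's own examples; the third is constructed.
    for candidate in ("ihas4Dog*", "HapPyN3ss!", "password1"):
        print(candidate, missing_requirements(candidate) or "passes")
    print(generate_password())
```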
These are the 3 easiest ways that I know of to help make your WordPress site safer. In addition, you can also further secure your site using these 5 WordPress Security Plugins. Using those plugins may require a little bit of technical knowledge, but it’d definitely make your WP site more secure than ever! Check it out!