How Safe is Your WordPress Site?

A few days ago when I check in to my email account, I was greeted by a notification that someone attempted to log into my website. Thankfully I had some security, not much but obviously enough to thwart an attack by a hacker. Since then I have heard of others who have had their sites infiltrated and some weren’t so lucky. Hackers can create a lot of damage, ruining all of your hard work or even worse, use your site for other (even illegal) activities without your knowledge.

There are a lot of security plugins out there but which ones do you trust? Read the reviews on wordpress.org or recommendations from your peers is a good place to start. I used Wordfence on my site and it prevented a low level attack but I’ve recently bought Blog Defender 2015. It seems to be a good solution for now with only a small investment to keep my site safe.

There are some things you can do to make sure that you’re not giving hackers “a foot in the door”, so to speak.

The most obvious one is to make sure your using a strong password. So many use passwords that are easy to guess, making it easy to break-in. You can change your password from the wordpress dashboard, go to users and click on the user profile you want to edit. Scroll down to “new password” and type in a nice strong one. Use capitals, special characters and make sure it is between 8 and 16 characters in length. At the bottom of the page, click the “update profile” button and you’re done.

Like the password, the username is an often overlooked security control with many site owners leaving it at the default setting – admin. Whenever you create a new wordpress site, make it a habit to change the username to something other than admin and if you still have that as a username, it’s in you best interest to change it now. From the wordpress dashboard, navigate to users, then add new user. You will need to fill out a new profile with a user name and password making sure you set the “role” to “administrator”. Once you’ve done that, delete the old user profile with the admin name.

Using backups as an insurance, that if something does happen, you can get your site back quickly. Again, there’s a plugin for that, many of them can be scheduled for automatic backups so they can be done at regular intervals, like weekly or monthly, depending on how frequently you post. Every article I write is done in a wordprocessor and exported into wordpress for publication, so I have backups of every post on my computer as well.

Always make sure you have the latest version of wordpress. It will automatically update itself but with all the different plugins and wizzbang themes, sometimes this is not the case. If you log into your wordpress dashboard and there is a new version to be updated, you should do so right away. Just click on “dashboard’ then “updates”, then on that screen click the link and it will update.

You can also check to see just how vulnerable your site is to attacks by clicking here. Just type in your url and you’ll get the results, good and bad. If you are unsure how to fix any security problems, you might want to have a look at Blog Defender.

So there are a few simple ways to improve security straight away. However, I would suggest adding some security software, at least Wordfence,  just as I did. It certainly saved me from getting locked out of my site or worse.

Worth a look:

Wordfence

Watch this video on site security


3 thoughts on “How Safe is Your WordPress Site?”

  1. Hi my name is Denise and I just wanted to drop you a quick note here instead of calling you. I came to your How Safe is Your WordPress Site? | The Cashed Up Cow page and noticed you could have a lot more hits. I have found that the key to running a popular website is making sure the visitors you are getting are interested in your subject matter. There is a company that you can get targeted traffic from and they let you try the service for free for 7 days. I managed to get over 300 targeted visitors to day to my website. Check it out here: http://s.t0m-s.be/2X

Comments are closed.