WordPress powers 25% of the world’s websites, up 4% on last year. Making it the most popular content management system around at the moment.
However, that doesn’t mean that it is without it’s problems. The WPScan Vulnerability Database currently has over 3,900 software, plugin and theme vulnerabilities showing on its system. Yikes!
You could say that this figure is tiny compared with how many plugins and themes are on the market today but thousands of sites are hacked on a daily basis.
And this is disastrous for businesses or bloggers who operate online and rely on their website to generate leads, customers and enquiries. Getting hacked is stressful, not to mention frustrating, as you scramble around trying to identify and fix the issue that has brought down your website.
You can, however, follow these 5 easy ways to protect your WordPress website from attacks – reducing the possibility of a breach.
1 // INSTALL SOFTWARE UPDATES
The first one is a no-brainer; update your software when new versions are released. Every so often you will receive a notification to update your WordPress software. It is vital that you do this as soon as you can.
The updates aren’t only to add new features, but the update contains all the latest security fixes that have been identified since the previous update.
If you put off installing the updates, you are leaving your website wide open to abuse. Don’t risk it.
The update generally takes a few minutes to complete. You can also set your website to automatically update to the latest version so that you don’t even have to think about it. This is a great tutorial by WP White Security for configuring the automatic updates.
2 // CHOOSE YOUR THEME AND PLUGINS CAREFULLY
It is important that when you are choosing your theme or plugins that you do so carefully. It has been found that plugins and themes are the biggest vulnerabilities on WordPress websites.
When deciding on a theme or plugin, there are a few things you should look at before hitting the install button.
- How many downloads does it have? – Large, popular plugins and themes aren’t immune to issues, but they usually fix any vulnerabilities that crop up quicker than the smaller releases that have less support.
- When was it last updated? – This is something you should definitely think about before installing. If it hasn’t been updated in over a year, I’d seriously considered another plugin or theme. One of the most common reasons for a site getting hacked is when themes and plugins are out of date.
- Check the reviews – This seems like an obvious one but so many people overlook the reviews left by the users. They can sometimes reveal problems or issues that the person has experienced when they used them. If the reviews are bad, again I’d continue your search.
You should also keep your theme and plugins updated when new versions are released.
3 // CHANGE THE ADMIN USERNAME
When setting up your WordPress website or blog, you are given the default username of ‘admin’. That seems like an obvious choice of username and it’s easy to remember – bonus! But it also makes your website login easier to guess.
The first thing a hacker or bot is going to try to access your website is the username ‘admin’. And bingo, it has one-half of your website login.
So, to makes it a bit harder – change from the default to something a bit more unique.
Because you can find out the username from blog posts, as an extra precaution you should use a ‘nickname’ that is different from the username. You can add this within the profile/user section and set it as the ‘Display name publicly as’. This means that beside the post instead of your admin username it displays your lovely nickname.
4 // USE A STRONGER PASSWORD
You may think I’m stating the obvious here, but I have seen so many people using simple passwords. And that’s just a hackers dream.
The best passwords are those that contain a combination of letters, numbers, symbols and different cases of letters. This will make it significantly harder to discover. An even better option is to use a password generator tool, to give a random password of letters and numbers.
If you have multiple users on your website, ask them to also update to a stronger password so you have no weak links.
5 // INSTALL A SECURITY PLUGIN
There are a number of security plugins available to download which will help you protect your website. The two most popular ones at the moment are iThemes Security and Wordfence.
Both have free and premium options available. They have a number of features to help bulk up your websites security from forcing you to use stronger passwords to block brute force attacks and scans of your website.
So, while the above may not completely prevent your website or blog from being hacked, they will improve the overall security of your online home and make it that little bit harder to penetrate.
Follow these 5 easy ways to protect your WordPress website from attacks - reducing the possibility of a breach.
