After putting in hours of hard work, the last thing you want is to have your website hacked. Unfortunately, websites are getting hacked more often these days thanks to advanced technology.
In the past, notorious hackers have successfully broken into government websites like the CIA's. Even Apple, which is famous for its technology, has been hacked in the past.
Sure, your blog is probably not as big as the CIA or Apple, but there are hackers who target ordinary websites like yours and mine. Fortunately, I have not been hacked yet *knock on wood*.
In this article, I will go over a few ways that you can use to secure your WordPress blog. Prevention is always better than the cure itself. Without further ado, let’s dive right into it!
Ways To Secure Your WordPress Blog
Step #1. Prevent A Brute-force Attack
Brute-force attackers use a password database to try to crack your password. If your password is easy to guess, chances are you will become not only a target but eventually a victim.
Example of a bad password: 123456
Example of a good password: 1!eA$x5
It’s always a good idea to use a randomized password with numbers, words, symbols, etc. You can use random password generators to achieve this, but make sure you remember what it is.
Step #2. Stop A Brute-force Attack
You can also install and activate the Login LockDown plugin. This plugin records the IP address and the timestamp of every failed login attempt. Once the hacker fails a certain number of times, it disables the login function for his or her location. Of course, they could get around this by using a VPN, but most hackers would give up at that point because of the extra work.
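The lockout logic described above, as an added sketch that is not the plugin's own code. The threshold, counting window and lockout duration are assumed values, and the events are constructed sample data.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3        # assumed threshold (the page says "a certain number")
WINDOW_SECONDS = 300    # assumed: only failures in the last 5 minutes count
LOCKOUT_SECONDS = 3600  # assumed: how long the address stays blocked

class LoginLockdown:
    """Tracks failed logins per IP and decides whether to block an attempt."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of failures
        self.locked_until = {}              # ip -> time the lockout ends

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            del self.locked_until[ip]       # lockout expired
            return False
        return until is not None

    def attempt(self, ip, now, password_ok):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "blocked"                # password is not even checked
        if password_ok:
            self.failures.pop(ip, None)     # success clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                # forget failures outside window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"

# Constructed events: (seconds, source IP, password correct?)
EVENTS = [
    (0, "203.0.113.7", False), (20, "203.0.113.7", False),
    (30, "198.51.100.4", False), (40, "203.0.113.7", False),
    (50, "203.0.113.7", True),    # correct guess, but the IP is locked out
    (60, "198.51.100.4", True),   # one typo, then success: never locked
    (3700, "203.0.113.7", True),  # lockout has expired
]

def replay(events):
    guard = LoginLockdown()
    return [guard.attempt(ip, t, ok) for t, ip, ok in events]
```

Because the counter is keyed on the source address, guesses spread across many addresses each start from zero, which is why the lockout works best alongside the strong password from Step #1.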
Step #3. Two Factor Authentication
The Google Authenticator is a WordPress plugin that adds an extra layer of security. The plugin generates a QR code which you can scan with your smartphone. Just make sure you download the Google Authenticator app!
Whenever you log in to your WordPress back office, it will require an authentication code, which is generated by the Google Authenticator app on your smartphone.
Step #4. Change Your Login Name
The default username is Admin, which hackers know well because it is the default for almost anything. That’s why it’s important to change your login name. It’s quite simple to change on WordPress.
- Log in to your WordPress dashboard
- Go to users and set up a new user account
- Set user as an administrator
- Log out and Log in with the new user account
- Go back to Users
- Check the option box beside the admin user and press delete.
- Select the “Attribute all posts and links to:” option and choose your new username from the drop-down menu.
- Press confirm and you’re done!
Step #5. Backup Your WordPress Database
In my opinion, this is one of the most important steps to take. Let’s say all of your attempts to secure your WordPress blog fail. You should at least have a way to restore your blog to its previous state. Wealthy Affiliate automatically backs up your blog every single day. If you have a different web hosting provider, make sure they do the backup for you.
Step #6. Configure User Privilege
Do you have multiple authors for your blog? Make sure you configure the capabilities or roles for each user group. You don’t ever want to give someone full access to your blog. For authors, I only give them options to create an article, but they can’t actually publish it without my authorization.
Step #7. Keep Your WordPress and Plugins Up-to-Date
I cannot stress this enough. You should always ensure your WordPress and plugins are up-to-date. You see, WordPress and the plugin developers are constantly working to improve the security of their products.
WordPress is no different from any other software; it can also fall victim to hackers. By installing the latest version, you will have all the bug fixes for any security vulnerabilities.
Step #8. Scan Your Blog Settings Regularly
Use WpScans, an online scanner that detects any security vulnerabilities your WordPress blog may contain. Simply enter your blog’s URL and let the software do its job. Once it’s finished, you will get a report explaining what needs to be done.
Step #9. Remove Your WordPress Version Info
Hackers are always searching for information to better prepare for an attack. The more information you publicize, the better it is for them. Certain WordPress themes include the WordPress version info in a meta tag. Hackers can then use this information to find out which security vulnerabilities are known for that particular version.
To remove the Version Info, you can do the following:
- Log in to your WordPress dashboard
- Go to Appearance -> Editor
- Locate and click Header.php
- On the left, you should see a lot of code. Search for a line that looks like ” />
- Delete it and click Update
Step #10. Secure Your Website With SSL
In a nutshell, Secure Sockets Layer (SSL) is an extra layer of security that makes any information sent between your browser and the server unreadable to anyone else. Basically, if a hacker tries to intercept any of your information, they won’t be able to decipher it.
Step #11. Use A Web Application Firewall
A web application firewall works very similarly to the firewall you have on your computer. It monitors traffic and blocks any suspicious requests from reaching your website. You can find many options out there by performing a simple search on Google.
The security of your WordPress blog should always be treated as a top priority. Forget about publishing new content if you can’t even prevent someone from ruining it.
I hope you learned something new about securing your WordPress blog. If you enjoyed reading this article, please share this with your peers by clicking on the buttons provided below.
If you have any questions, comments, or concerns, feel free to leave a comment down below. Have a great day!