No matter how new or experienced you are with WordPress, it’s never too early or too late to get serious about WordPress security. Not taking care of WordPress security is like having a lock on something and leaving the key in the lock. Today we’ll discuss ten things that everyone – even new users – can do to increase WordPress security on their websites. While this is not everything that can be done to secure a WordPress website, all of this can be done by the newest user.
Things To Do When You Install
1) Do NOT use “Admin” as your administrator login.
This is one of the most ignored pieces of advice – and it’s usually the easiest place to crack the door of your security. Additionally, do not choose an administrator name that has anything to do with your website. I know of one – and the owner will not listen to me – that is using his domain name as his administrator login.
2) Do NOT use “Password” as your administrator password.
O.K., you can get up off the floor laughing – I actually found one that was using the word “Password”. Choose a hard-to-crack password, making it a mixture of letters (lowercase and uppercase) and numbers. If you can put in some other symbols, do that as well. I use LastPass on my browser, so I let it generate a random password for me.
3) Install A Login Security Plugin To Block Crackers
Install the plugin Limit Login Attempts and set it up to prevent crackers from getting in by trying to guess your login and password. If you set it up to lock them out after three login attempts, then after three failed attempts they cannot even try again until the interval you have set has expired.
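To see what a lockout rule like this does to a run of guesses, here is an added example (not code from the Limit Login Attempts plugin) that replays a handful of constructed login attempts. The three-failure threshold comes from the text above; the 20-minute interval, the IP addresses and the function name replay are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

MAX_FAILURES = 3                 # from the text: lock out after three failed attempts
LOCKOUT = timedelta(minutes=20)  # assumed interval; you choose your own in the plugin

# Constructed sample attempts: (time, client IP, was the password correct?)
SAMPLE = [
    ("2024-01-01 10:00:00", "203.0.113.5", False),
    ("2024-01-01 10:00:05", "203.0.113.5", False),
    ("2024-01-01 10:00:09", "203.0.113.5", False),   # third failure, lockout starts
    ("2024-01-01 10:00:12", "203.0.113.5", True),    # right password, but locked out
    ("2024-01-01 10:05:00", "198.51.100.7", False),  # other visitors are unaffected
    ("2024-01-01 10:05:30", "198.51.100.7", True),
    ("2024-01-01 10:21:00", "203.0.113.5", False),   # interval expired, count restarts
]

def replay(attempts, max_failures=MAX_FAILURES, lockout=LOCKOUT):
    """Return one verdict per attempt: 'failed', 'locked', 'blocked' or 'ok'."""
    failures = {}      # ip -> failed attempts since the last success or lockout
    locked_until = {}  # ip -> time at which the lockout ends
    verdicts = []
    for stamp, ip, password_ok in attempts:
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if ip in locked_until:
            if now < locked_until[ip]:
                verdicts.append("blocked")  # rejected before the password is checked
                continue
            del locked_until[ip]            # interval is over, allow attempts again
        if password_ok:
            failures.pop(ip, None)
            verdicts.append("ok")
            continue
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= max_failures:
            locked_until[ip] = now + lockout
            failures[ip] = 0
            verdicts.append("locked")
        else:
            verdicts.append("failed")
    return verdicts

if __name__ == "__main__":
    for (stamp, ip, _), verdict in zip(SAMPLE, replay(SAMPLE)):
        print(stamp, ip, verdict)
```

The fourth attempt is the one to notice: once the lockout is active, even a correct guess is refused until the interval runs out.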
Things To Do After You Install
1) Keep Your WordPress Core Updated
When each update to WordPress is issued, previously discovered security holes are patched, so it’s very important that you update as soon as the newest version is known to be stable. Be sure to back up your database and files before you update so you have a fall-back position.
2) Keep Your Themes Updated
Be sure to update any themes as updates are issued. This includes themes that you may not be using, as the files still exist on your server and have a remote possibility of opening a crack in your security.
3) Keep Your Plugins Updated
Rarely does a week pass by that a plugin I’m using doesn’t need an update. If a plugin is installed in your WordPress website, be sure to keep it updated even if it’s not activated. Like themes, plugins that are not updated have the potential to open a small crack in your security.
4) Create A Separate Account To Use For Posts
The greatest administrator username in the world is worthless if you use that account to write your posts on the website and that username is visible to the world. Create a second account with fewer capabilities that will allow you to publish posts but protect your administrator account.
By installing the Allow Multiple Accounts plugin you can set up multiple user accounts for yourself with various levels of access. Then, you can write posts with a lower level access such as contributor and still maintain the website as an administrator – all without having to have multiple email addresses.
5) Hide The Post Author’s Usernames
You can add a little extra security by displaying the Author’s real name rather than their username. Install the Post Author plugin and change the setting as you’d like. You can even completely hide the author’s name if you want.
You’ve Locked Up Your WordPress Website And Taken The Key Out Of The Lock
This list of security measures is not complete, nor was it intended to be exhaustive. This is for the beginning WordPress user that is uncomfortable with code or is unfamiliar with the entire WordPress environment. Once you have some base protection in place, you can sleep better at night while you learn more complex protection methods. Without these basic protections in place, it’s like walking into a gunfight with a pocketknife. It’s not a matter of “if” your site will get cracked, only a matter of “when”.
In future articles, I will explore more complex methods including additional plugins, code changes, and site structure modifications that can continue to harden your security against crackers.
Lock And Keys by Michael Meilen
Padlock With Keys by Petr Kratochvil