1. Your password needs character
Your password should be as strong as your content. Seriously, it needs to be ironclad. It may be obvious, 21st-century logic to make all of your passwords as tough as nails, but tell that to the thousands of hacked users—most of whom had matching usernames and passwords. And while it might seem easy to keep a couple of variations of the same password for all of your accounts, hackers are smarter than that. Besides, variety is the spice of life.
WordPress has your back: Like most sites, WordPress has that little password strength barometer to let you know you’ve crafted something secure. Here’s a fun game: Once you’ve got the “strong” rating on your password, delete it and come up with something even harder.
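The two mistakes called out above (a password that matches the username, and re-using one password with small variations across accounts) can be checked mechanically. The following is an added example, not WordPress's own code: WordPress's meter runs the zxcvbn library in the browser, while this stand-alone function only enforces length, character variety, that the password does not equal or contain the username, and that it is not a trivial variation (case, appended digits or symbols, letter-for-symbol swaps) of a password already in use elsewhere. MIN_LENGTH and the swap table are this example's choices.

```python
import re
import string

MIN_LENGTH = 12  # example policy, not a WordPress setting
# Common letter-for-symbol substitutions, undone so that "P@ssw0rd1!" and
# "password" compare equal.
SWAPS = {"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t"}


def _normalize(pw: str) -> str:
    """Reduce a password to its core so that trivial variations collide."""
    core = pw.lower().strip(string.digits + string.punctuation)
    return "".join(SWAPS.get(ch, ch) for ch in core)


def check_password(username: str, password: str, passwords_in_use=()) -> list:
    """Return the list of problems found; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(
        bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    )
    if classes < 3:
        problems.append("uses fewer than three character classes")
    if username and password.lower() == username.lower():
        problems.append("password equals username")
    elif username and username.lower() in password.lower():
        problems.append("password contains username")
    # Compare the password's core against the cores of passwords used on other
    # accounts: "Summer2024!" and "summer2023#" are the same password to an attacker.
    core = _normalize(password)
    if core and any(_normalize(other) == core for other in passwords_in_use):
        problems.append("trivial variation of a password already in use")
    return problems


if __name__ == "__main__":
    print(check_password("admin", "admin"))
    print(check_password("editor", "Summer2024!", ["summer2023#"]))
    print(check_password("editor", "Correct-Horse-Battery-9"))
```

The variation check is the part a strength meter alone does not give you: a meter rates each password in isolation, while this compares the new password against the ones already in use on your other accounts.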
2. Be yourself
Never use the default admin as your username—that's exactly what the hackers are expecting. Once someone knows your username, they’re halfway to knowing your full login details, so don’t make it easier for them. If you currently use admin as your username:
- Create a new and unique account name with administrator privileges.
- Log out, then log in with your new uniquely named account.
- Delete the admin account.
3. Keep it fresh
That is, update as often as you can. Most of the time, those annoying updates from WordPress are actually bug fixes—the kind that could mean the difference between your subscribers hearing about your delicious bacon pizza or how a Nigerian prince made you rich beyond your wildest dreams by clicking here.
WordPress has your back: Update everything. The handy WordPress interface allows you to monitor your plugins, themes, and software to ensure it’s all up to snuff. You just have to check in on it.
4. Know your roots
The wp-config.php file is stored by default on the WordPress server, and contains some pretty sensitive information—including your username and password. The best way to keep this file out of unwanted hands is by moving it from the online directory and into a local one. So, if your file is located here:
public_html/wordpress/wp-config.php
then you need to move it here:
public_html/wp-config.php
This moves it one directory above the WordPress root directory, making it almost impossible for anyone to access this very sensitive file.
WordPress has your back: This can all be done in WordPress, no plugins needed.
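Here is the move above as a script, added as an example and not WordPress's own code, with the checks a careful admin makes before touching the file. It relies on one WordPress rule (found in wp-load.php): when wp-config.php is missing from the root, WordPress looks exactly one directory up, and only if that directory does not also contain a wp-settings.php. The benefit of the move comes from the destination being outside the web server's document root; the function cannot discover the document root on its own, so you may pass it as document_root and the move is refused if the file would still be served. The demo() layout is constructed in a temp directory.

```python
import os
import shutil
import tempfile
from pathlib import Path


def relocate_wp_config(wp_root, document_root=None) -> Path:
    """Move <wp_root>/wp-config.php to the parent directory and return the new path."""
    root = Path(wp_root).resolve()
    src = root / "wp-config.php"
    dest_dir = root.parent
    dest = dest_dir / "wp-config.php"
    if not (root / "wp-settings.php").is_file():
        raise ValueError(f"{root} does not look like a WordPress root")
    if not src.is_file():
        raise FileNotFoundError(f"{src} not found (already moved?)")
    if (dest_dir / "wp-settings.php").is_file():
        # Nested install: WordPress would ignore a wp-config.php placed here.
        raise ValueError(f"{dest_dir} is itself a WordPress install")
    if dest.exists():
        raise FileExistsError(f"{dest} already exists; refusing to overwrite")
    if document_root is not None:
        doc = Path(document_root).resolve()
        if dest_dir == doc or doc in dest_dir.parents:
            raise ValueError(f"{dest} would still be inside the document root {doc}")
    shutil.move(str(src), str(dest))
    # Owner read/write only. The account PHP runs as must own the file,
    # otherwise WordPress can no longer read its own configuration.
    os.chmod(dest, 0o600)
    return dest


def demo() -> dict:
    """Run the relocation on a constructed layout in a temp dir and report what happened."""
    base = Path(tempfile.mkdtemp()).resolve()
    root = base / "public_html" / "wordpress"
    root.mkdir(parents=True)
    (root / "wp-settings.php").write_text("<?php // constructed stand-in\n")
    (root / "wp-config.php").write_text("<?php define('DB_PASSWORD', 'placeholder');\n")
    refused = False
    try:
        # If public_html itself were the document root, the moved file would
        # still be served, so the call is refused.
        relocate_wp_config(root, document_root=base / "public_html")
    except ValueError:
        refused = True
    dest = relocate_wp_config(root)  # no document root given: perform the move
    return {
        "moved_to": dest.relative_to(base).as_posix(),
        "source_gone": not (root / "wp-config.php").exists(),
        "mode": oct(dest.stat().st_mode & 0o777),
        "refused_inside_docroot": refused,
    }


if __name__ == "__main__":
    print(demo())
```

After the move, load the site once: if WordPress comes up, it found the relocated file; if it shows the installation screen instead, it did not, and the file should be moved back before anything else is done.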
5. Themes that scheme
Free themes can contain harmful embedded code that puts out a beacon for intruders. Do some research on the sources of your flashy themes before throwing them on the WordPress server, because they can contain some malicious stuff. Also be wary of any website broadcasting free themes. Free is never free—that’s just how it goes in the World Wild West.
WordPress has your back: Use the WordPress TAC (Theme Authenticity Checker) plugin on any questionable themes, and it’ll sniff out those nasty embeds. If a bright pink “alert” message comes up, that’s when you emphatically press a single finger to the keyboard and erase it forever.
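What a checker like TAC actually does is walk the theme's PHP files looking for the constructs used to hide injected code. The following is an added example in that spirit, not the plugin's code: it flags eval, base64_decode, gzinflate/gzuncompress, str_rot13, the /e modifier on preg_replace, and long base64-looking string literals. A hit is a lead for a human to read, not a verdict, since some legitimate code uses these functions. The rule table and the length threshold are this example's choices, and the two-file theme in demo() is constructed.

```python
import re
import tempfile
from pathlib import Path

SUSPICIOUS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "gzinflate/gzuncompress": re.compile(r"\bgz(?:inflate|uncompress)\s*\("),
    "str_rot13": re.compile(r"\bstr_rot13\s*\("),
    # preg_replace('/.../e', ...): the pattern's modifiers include an 'e'
    "preg_replace /e": re.compile(r"\bpreg_replace\s*\(\s*['\"][^'\"]*/[a-zA-Z]*e[a-zA-Z]*['\"]"),
    "long base64 literal": re.compile(r"['\"][A-Za-z0-9+/]{120,}={0,2}['\"]"),
}


def scan_theme(theme_dir) -> list:
    """Return (file, line_no, rule, excerpt) tuples for every hit in the theme's PHP files."""
    theme_dir = Path(theme_dir)
    hits = []
    for path in sorted(theme_dir.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in SUSPICIOUS.items():
                if pattern.search(line):
                    hits.append((path.relative_to(theme_dir).as_posix(), line_no, rule, line.strip()[:80]))
    return hits


def demo() -> list:
    """Scan a constructed theme: a clean header.php and a footer.php with an eval'd blob."""
    theme = Path(tempfile.mkdtemp()) / "shiny-free-theme"
    theme.mkdir()
    (theme / "header.php").write_text(
        "<?php wp_head(); ?>\n<body <?php body_class(); ?>>\n", encoding="utf-8"
    )
    (theme / "footer.php").write_text(
        "<?php wp_footer(); ?>\n"
        "<?php eval(base64_decode('PLACEHOLDER_NOT_REAL_CODE')); ?>\n"  # constructed marker line
        "</body></html>\n",
        encoding="utf-8",
    )
    return scan_theme(theme)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Run it against the unpacked theme directory before activating the theme, and read every flagged line in context; a base64 blob in footer.php of a theme you did not pay for is exactly the kind of thing the paragraph above warns about.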
6. Plugins prevent muggin’s
As you probably know, navigating the world of plugins isn’t as intuitive as creating a post—but it’s not rocket science, either. Taking the time to learn how security plugins work with WordPress matters if you really want to secure your account. Start with Better WP Security, a great free plugin that builds a wall around your password, hides vulnerable areas of your site, and generally keeps you SSL-fortified. Learn exactly how to install it by watching this video.
WordPress has your back: Play it safe, and only download your plugins from WordPress.org—like the Limit Login Attempts plugin that locks out multiple failed login attempts.
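The logic behind a plugin like Limit Login Attempts is small enough to show in full. The following is an added example, not the plugin's code: failed logins are counted per client address in a sliding window, and once the limit is reached the address is locked for a fixed period, during which even a correct password is refused. The limits are this example's choices, the event log is constructed (documentation IP ranges), and "client address" must be the real one: behind a reverse proxy, use the address the proxy reports, or every visitor shares one counter.

```python
from collections import defaultdict, deque


class LoginLimiter:
    def __init__(self, max_failures=4, window=300, lockout=1200):
        self.max_failures = max_failures     # failures allowed inside the window
        self.window = window                 # seconds over which failures are counted
        self.lockout = lockout               # seconds an address stays locked
        self._failures = defaultdict(deque)  # address -> timestamps of recent failures
        self._locked_until = {}              # address -> time the lockout ends

    def is_locked(self, addr, now) -> bool:
        until = self._locked_until.get(addr)
        if until is None:
            return False
        if now >= until:  # lockout expired: the address starts with a clean slate
            del self._locked_until[addr]
            self._failures.pop(addr, None)
            return False
        return True

    def attempt(self, addr, password_ok, now) -> str:
        """Record one login attempt; returns 'allowed', 'denied' or 'locked'."""
        if self.is_locked(addr, now):
            return "locked"  # refused before the password is even considered
        if password_ok:
            self._failures.pop(addr, None)
            return "allowed"
        recent = self._failures[addr]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()  # drop failures that have aged out of the window
        if len(recent) >= self.max_failures:
            self._locked_until[addr] = now + self.lockout
            del self._failures[addr]
            return "locked"
        return "denied"


def replay(events, **limits) -> list:
    """Feed (time, address, password_ok) events through one limiter; return the decisions."""
    limiter = LoginLimiter(**limits)
    return [limiter.attempt(addr, ok, t) for t, addr, ok in events]


# Constructed event log: a guessing run from one address, a legitimate user from another.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (10, "203.0.113.7", False),
    (20, "203.0.113.7", False),
    (30, "203.0.113.7", False),   # fourth failure inside the window: locked out
    (40, "203.0.113.7", True),    # right password, but still locked
    (45, "198.51.100.2", True),   # unrelated visitor is unaffected
    (1230, "203.0.113.7", True),  # lockout (1200 s from t=30) has expired
]

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", decision)
```

The sliding window is the detail worth noticing: four failures spread over an hour do not trigger a lockout, four within five minutes do, which is what separates a user who mistypes occasionally from a script working through a word list.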
7. Make the most of your Yoast
Yoast is a reliable plugin that optimizes your site’s SEO (among many other handy tools). With millions of downloads, a Sucuri-safe certification, and the most comprehensive SEO options available, this is a great tool for both optimization and security. Just be sure to go through each tab thoroughly to find the right balance.
Hint: While it might sound counter-intuitive, uncheck the “Disable the Advanced part of the WordPress SEO meta box” under the General settings tab. This enables the noindex, canonical, and 301 settings per post, making it harder for hackers to go through your history.
WordPress has your back: The founder of Yoast is actually a former WordPress developer. That’s a pretty reliable source—not just for the security of this plugin, but for functionality, too.
Was your account one of the 90,000 that got hacked? Share your story in the comments or tell us some other tips you’ve found for preventing attacks.