How to secure my WordPress blog against hackers?
It’s not that much of an issue for some people, but I prefer to keep things as secure as possible. There are a lot of bots around the internet designed to gain access to WordPress sites by brute-forcing the password, not to mention actual hackers who may target your site. Some of the things I’ve learned are to delete the default admin user (and prevent one from being created; there are plugins for that), put a password over the whole wp-admin directory and use plugins that limit the number of login attempts.
There’s probably a lot more I could do, so I’d love to hear any opinions and suggestions.
Hey Wielka, thanks for your question and I agree with your point. My websites have been hacked several times and now I have a great system in place to prevent hackers from getting in.
One time, the hacker actually deleted all my files and I had to completely start from scratch. And another time, they just redirected everyone to a PORN SITE!
Whew... the kind of heat I had to take from the visitors who were in the office and got redirected to the porn site was next level. Pissed off a lot of my clients. So, it’s super important. I now have a development team handling this stuff for me, so I really don’t have to worry, but here are a few things I’d do if I wanted to secure my website/WordPress blog against hackers:
We are not saying that you must follow all of these tips, but you should still have a few of these implemented on your site in order to be sure. The more steps you take, the harder it will become for the hackers.
1. Create Custom Login Links
It is very obvious that in order to access the WordPress admin panel, all one has to do is type in the URL of the site with /wp-login.php. Now if you used the same password in more than one location, and it was jeopardized, then it is easy for the hacker to hack your site.
A plugin called Stealth Login allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. You can also enable “Stealth Mode” which will prevent users from being able to access ‘wp-login.php’ directly.
You can then set your login URL to something more cryptic. This won’t secure your website perfectly, but if someone does manage to crack your password, it can make it difficult for them to find where to actually log in.
2. Pick a Strong Password
This is a very obvious step, but we must mention it as it can’t be emphasized enough. Do not use the same password in other places. Try to make each password different and hard to guess. Use the WordPress Password Strength Detector to your advantage and make your password strong.
3. Limit Login Attempts
Sometimes the hacker might think they know your password, or they might develop a script to guess your password. In that case, what you need to do is limit the login attempts. You can easily do so by using a plugin called Limit Login Attempts, which will lock a user out if they enter the wrong password more than the specified number of times.
4. Never use “admin” Username
This is the first user that is created when WordPress is installed. You should never use or keep this user. Because in the past multiple loopholes have been found that are linked to brute-force attacks and the admin username, you should refrain from using it.
You should create another user using your WordPress admin panel, and assign administrator roles to it. Try to make this username something that is not obvious, so it is harder for the hacker to guess. Then delete the admin user altogether to stay on the safe side.
5. Stay Updated with the Latest WordPress Version
Last but definitely not least is to stay updated with the latest version of WordPress, because after each version is released, WordPress also releases the bugs and exploits of the previous version, which puts your Admin Area at risk if you don’t upgrade.