Basic WordPress security should be something everyone knows and implements. Yet I watch forums and Facebook groups where on a daily basis people have had their site hacked or something else terrible happen to it. And I can’t help but die a little inside.
Security of your site is a big deal so invest in it
To make life easier I want to outline some tips that bloggers can carry out on their site today that will instantly add better protection. Now these aren’t groundbreaking tips by any means; you can find them all over the internet. This post simply collects them in one place so I can stop repeating myself when another blogger draws breath on yet another infected site.
The bottom line is that if you run a blog and it’s your primary source of income, you either take note of these tips or risk having your site compromised by some form of malicious code.
Update WordPress Plugins and Themes
This one’s fairly straightforward: you see an update and you action it. Updates are released to improve the functionality of the site and fix security flaws found in the code. Be it a WordPress, plugin or theme update, install it as soon as you get the chance.
The only proviso in this is that you check what has changed in the most recent update to ensure 100% compatibility with your site. All updates performed through WordPress provide links to view the version details. These details outline what’s changed, so it’s always a good idea to skim over them and make sure you know what’s being installed.
Install Reliable Plugins
In short, if the plugin isn’t included in the WordPress Plugin Directory and doesn’t come from a legitimate premium resource site, don’t install it. Plugins downloaded from other areas won’t necessarily be bad, but one could be a hacked plugin that once activated will cause your site to break. Or it could just be that it’s not updated and support is difficult to obtain.
Stick to plugin sources with a high volume of users, as this generally suggests you’ll have better support, and feedback from others can guide you in your decision.
Use Complex Passwords
This is perhaps my biggest beef with users and it has been ever since I started in IT some 8-10 years ago. This is also the most basic WordPress security tip I can ever give. A secure, complex password (that means using capitals, numbers and symbols) has a better chance of not being guessed than john1234 does. On top of that, make sure you use a different password for your blog than you do for your Google Analytics or PayPal account.
Yes, it will make it difficult to remember, but I’d really prefer to not see my days and weeks of blog work lost in seconds because I wouldn’t change my password from my birthday or girlfriend’s name.
Remove Default Admin User
Hands up how many people log in to WordPress using the default Admin username? Oh wow, so many, who’d have guessed. If you use the default username then you’ve done half the work for the hacker already. He doesn’t need to guess that; it’s just your password to go. Aren’t you at least glad you used a complex password to fix that?
Now changing the username is quite simple. You just create a new user specifying a different username (please don’t use your name either), then log in as that user and delete the admin one. Oh, and don’t worry: you will be prompted to assign the existing posts written by that user to a different user in the process, so nothing gets lost (and always take a backup of your database beforehand as well, just in case).
Backup Your Site
This one’s a no-brainer really. I’ve written in the past how backing up your blog is like getting insurance on it. I know I spend hours a day working on my blogs so the thought of that being lost brings me nightmares. My new favourite plugin is called BackWPup, so if you don’t have a solution for backups I recommend you stop reading and go and install that now. I’ll wait till you’re finished to continue.
Install a Security Plugin
To take things a step further you can install a security plugin like WP Better Security. It allows you to lock out people who try to hack your password or guess it by logging in multiple times. You can also get logs on who and what accesses your site, as well as changing the default login URLs from /wp-admin to whatever you like to bolster security even more.
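To show the kind of check a lockout feature performs, here is an added example (not code from WP Better Security or from this post) that scans a web server access log for repeated POSTs to /wp-login.php, the standard WordPress login form, from one address. The threshold of 5 attempts in 5 minutes, the function names and the sample log lines are assumptions made up for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in "combined" access-log format (documentation-range IPs,
# not real traffic): one address posts to the login form 8 times in 35 seconds,
# another logs in once and opens the dashboard.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] '
     '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"' for s in range(0, 40, 5)]
    + ['198.51.100.4 - - [12/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
       '198.51.100.4 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "-"']
)

# client IP, two ignored fields, [timestamp], then the request method and path
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')


def login_posts(log_text):
    """Yield (ip, timestamp) for every POST to the WordPress login form."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")


def flag_guessers(log_text, max_attempts=5, window=timedelta(minutes=5)):
    """Return {ip: peak_count} for IPs with more than max_attempts login
    POSTs inside any sliding window of the given length."""
    by_ip = defaultdict(list)
    for ip, ts in login_posts(log_text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop attempts older than the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_attempts:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    print(flag_guessers(SAMPLE_LOG))
```

Point it at your own access log text instead of SAMPLE_LOG to see which addresses a lockout rule would have caught.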
If you can look at the above list of basic WordPress security tips and say “I do that”, then please tell me and all your other blogging friends as well. If you blog for fun then, you know what, enjoy it and do what you can. If this is your business and your only source of income then there is no excuse for not doing this yourself or hiring someone to do it for you.
Advertisers, PR reps and more are getting better at evaluating bloggers, so if they find links to Viagra or, worse still, can’t load your site, then they are going to think twice about you being an authority in your particular niche.