Secure your WordPress website from attacks


We have listed five things you can do to help secure your WordPress website from attacks. You can do all of them without any knowledge of coding, from within your WordPress admin console.

  1. Keep your WordPress installation and plugins up to date
  2. Don’t use ‘admin’ as your username
  3. Remove your user with ID ‘1’
  4. Use a stronger password
  5. Turn off ‘anyone can register’

Keep your WordPress installation and plugins up to date

Keeping WordPress up to date is very important for the security of your website. When security issues and vulnerabilities are found in WordPress files, an update will always shortly follow. Due to the nature of the internet, these vulnerabilities become public when they are found, meaning outdated versions of WordPress are more exposed to being hacked.

Just like your WordPress installation, make sure your plugins are up to date. It is just as important for the same reasons, if not more important. WordPress plugins can be developed by anybody and most are free to download, making them easy to attack when vulnerabilities are exposed.

To update your WordPress installation and plugins, find the update page in the main menu under ‘Dashboard’ > ‘Upgrade’.

Please ensure that you always back up your files and database(s) before upgrading anything in WordPress.

Avoid obvious usernames, such as admin

The default username during setup in earlier versions of WordPress was “admin”, and as a result users tend to use admin as their default username for WordPress. Sadly, in the event of a brute-force attack, the attacker will most likely try “admin” first, followed by some very obvious usernames such as administrator, team, etc.

To prevent this, create a username that is unique to the user; this will reduce the likelihood of a successful brute-force attack. Don’t worry if your current username is ‘admin’, just change it and assign all posts and pages to the new username, easy!

Remove your user with ID “1”

This isn’t a major security issue, but hackers can use this as a vulnerability, and in some cases it may actually aid the hacker. To fix this, just create a new profile with the same privileges as the ID “1” user and then delete the original ID. Make sure you assign all pages and posts to the new user.

Use a stronger password

This is very self-explanatory, but most users have the same few passwords they use for everything. Usually the password is basic, like the name of their pet, and only a combination of letters. Ideally, when creating a password, users should create one that uses letters, numbers, punctuation and capitalisation.

Use this website to create a new secure password – strongpasswordgenerator.com

Turn off “anyone can register”

In your options page under General (left-hand menu; General > Options) there is the option to allow anyone to register to your site. This is only for use if you have a community-based site; if you are running a business or portfolio website it is not necessary. To make sure your site is safe, turn this option off; by doing so you have prevented access via the backend of your WordPress website.
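
For readers who do have shell access and WP-CLI, the username, ID “1” and registration checks above can also be audited from a script. This is an added example, not part of the original article: the function names, finding labels and sample data are constructed, and the inputs are assumed to be the CSV output of `wp user list` and the value of the `users_can_register` option.

```shell
#!/usr/bin/env bash
# Added example: audit the username, ID 1 and registration checks.
# Assumed inputs (on a live site, with WP-CLI installed):
#   users        = "$(wp user list --fields=ID,user_login,roles --format=csv)"
#   can_register = "$(wp option get users_can_register)"   # "1" means enabled

# Constructed sample data, not taken from a real site.
SAMPLE_USERS='ID,user_login,roles
1,admin,administrator
2,jane.editor,editor
7,Administrator,administrator'
SAMPLE_CAN_REGISTER=1

# Print one finding per line for obvious usernames and for the ID 1 account.
# Only the first two CSV columns are read, so a quoted multi-role third
# column does not affect the result.
audit_users() {
  printf '%s\n' "$1" | awk -F, '
    NR == 1 { next }                      # skip the CSV header row
    {
      login = $2
      name = tolower(login)               # compare case-insensitively
      if (name == "admin" || name == "administrator" || name == "team")
        print "obvious-username:" login
      if ($1 == 1)
        print "user-id-1:" login
    }'
}

# Print a finding when "anyone can register" is switched on.
audit_registration() {
  if [ "$1" = "1" ]; then
    echo "open-registration"
  fi
}

# Run both audits; no output means none of these checks flagged anything.
audit_site() {
  audit_users "$1"
  audit_registration "$2"
}

audit_site "$SAMPLE_USERS" "$SAMPLE_CAN_REGISTER"
```
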

If you would like help to make your WordPress website secure, or more help on more advanced security, call us on 0800 612 6614, or message us via our contact page.