Surprisingly, it is extremely easy to get caught up in the day-to-day running of your web site. There are endless jobs that need your attention such as PPC, keyword searches, content writing, and link building. But, "Don't get caught with your pants down," when it comes to security.
We have been trained to keep our computers virus and hacker free. It is equally important to safeguard your web site and, more importantly, your WordPress account.
Dirty Hackers Are Everywhere
There are those whose job is to attack and gain entry into web sites, programs, and hosting sites daily. They take their jobs very seriously. Some view it as entertainment. Their latest attacks are centered on breaking into poorly secured WordPress blogs.
Those responsible are looking for WordPress blogs that they can gain access to, infiltrating each blog with the goal of breaking into and disrupting WordPress.
Don't Be a Lazy ADMIN User
They know that most people still use the default assigned ADMIN user name. In the beginning you could not change this field. Hackers will use this ADMIN user name, along with a list of approximately 1000 passwords, and will try different passwords against your site until they are successful. Their goal is to install code embedded into your site that can be accessed later. By building an army, they know the more sites they can infect the more havoc they can cause on the web servers. Failing to take time to arm yourself against these attacks can be disastrous.
Follow These Steps to Protect Your WordPress Security
- Key-loggers/spyware: Make sure your computer firewall and anti-virus are up to date. Consider a program to search for key loggers. Key logger programs record your keystrokes, revealing important passwords and user codes, and pass these along to others.
- WordPress: Always install the updates when prompted. WordPress tries to keep up to date with issues and will issue updates to prevent future problems with hackers as well as program issues.
- Reliable Host: Choose a hosting company that is well-respected. They will make sure their programming is secure and make the necessary adjustments to their system to maintain security.
- Network Safety: Are you using a secure network? Is your network password protected, and is the password strong? If you are using a remote site, are you protected?
- Firewall Plugins: Try using a firewall plugin installed on WordPress such as WordPress Firewall, Duo Security or Wordfence. Wordfence allows you to see your hits in real time and to see if a hit is human. It will display crawlers, Google crawlers, pages not found, logins and logouts, top consumers, and top 404s. It also allows you to block IPs, block by countries, search whois, use advanced blocking and schedule when it searches, on the paid version. The logins and logouts allow you to see how often the bots are trying to access with the Admin user ID. This is easily displayed under the dashboard.
- New user ID: When you set up the account or change themes, choose your user ID then. Do not use the default. If you already have the user ID, try the following: Under the dashboard, choose the user tab, then add new. Create your new user name and strong password, and select administration. This is a good time to delete any other users who may no longer be with you or were set up by a bot. Do nothing yet to the other administration user that uses ADMIN for the user ID. Next, log out and log back in using the new administration user ID that you just created. Once again, under the dashboard, go to the user tab, this time all users, select the old ADMIN user, and select delete. A reminder will ask if you want to associate the posts with someone new; select the new administration user and select yes. You will now have a new user ID that is better protected against hackers.
- Passwords: Select strong passwords that use symbols such as #$%&*@ along with letters and numbers, with at least 8 characters; 12 to 16 is even better. You can also use a two-step download, Google authentication, or other programs that change the password every 30 seconds for the ultimate in protection.
- Back Up: Always back up your WordPress. Even the most guarded may get hacked from time to time. It takes time to re-establish your site if you were to lose it for whatever reason. This might prevent a disaster later.
If you don't take the necessary steps to secure your WordPress blog, it is just a matter of time before someone finds a way to access your data. A layered approach to security is vital to protecting your site. You may still get hacked, but monitoring will allow you to fix problems quickly before too much damage is done.
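The login monitoring described under Firewall Plugins, and the password-guessing pattern described earlier, can also be checked from the web server's access log. The Python below is an added example, not code from this article or from any plugin. It assumes the combined log format in chronological order and WordPress's default behaviour of answering a failed login POST with status 200 and a successful one with a 302 redirect; the threshold, window and sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in "combined" log format (documentation IPs, not real traffic).
_FMT = '{ip} - - [12/Mar/2024:10:00:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
SAMPLE_LOG = "\n".join(
    [_FMT.format(ip="203.0.113.7", s=s, req="POST /wp-login.php", st=200) for s in range(6)]
    + [_FMT.format(ip="203.0.113.7", s=30, req="POST /wp-login.php", st=302),
       _FMT.format(ip="198.51.100.20", s=5, req="POST /wp-login.php", st=200),
       _FMT.format(ip="198.51.100.20", s=40, req="POST /wp-login.php", st=302),
       _FMT.format(ip="192.0.2.9", s=8, req="GET /wp-login.php", st=200)])

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def scan_logins(log_text, threshold=5, window=timedelta(minutes=1)):
    """Summarise login POSTs per client IP and flag bursts of failed attempts."""
    recent = defaultdict(deque)   # per-IP timestamps of failures inside the window
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue              # viewing the login form (GET) is not an attempt
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = report.setdefault(
            m["ip"], {"failed": 0, "burst": False, "success_after_burst": False})
        if m["status"] == "200":  # assumption: form re-rendered means the login failed
            entry["failed"] += 1
            q = recent[m["ip"]]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()       # drop failures older than the window
            if len(q) >= threshold:
                entry["burst"] = True
        elif m["status"] == "302" and entry["burst"]:
            # A redirect after a burst suggests a guess worked: review that account.
            entry["success_after_burst"] = True
    return report

if __name__ == "__main__":
    for ip, e in scan_logins(SAMPLE_LOG).items():
        print(ip, e)
```

An IP flagged with `success_after_burst` is the case to act on first: change that account's password and check for unfamiliar administrator users.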
Carrie Welborn is a marketing manager at insightMedia, inc, a company that specializes in helping businesses find the best pick and pack companies.