Simple WordPress Security Tips to make sure that your site does not get hacked
When using WordPress as your CMS of choice, it is crucial to ensure that you have the right security measures in place. The developers of WordPress do their best to keep it secure, but hackers always seem to find a way to penetrate a site, especially if the website owner does not take the right steps to secure it.
WordPress Security Essentials
Update your WordPress
Update, Update and Update some more. This is probably the most important aspect of keeping your WordPress site safe. Updates for both WordPress and plugins are regularly released. Apart from the actual software being updated, WordPress builds and plugins are also updated to patch WordPress security vulnerabilities and “holes” which may have been discovered.
Hackers use automated software to scan for outdated versions of WordPress and plugins. Once they find these, they use them to enter the WordPress site and wreak havoc!
The famous admin account
Once a hacker discovers that a user with the username “admin” exists, they can try to enter your site with a technique known as “brute force”.
Because the hacker now knows that you have a user called “admin”, they can run an automated program which will guess the password. So if you have a user called “admin” and the password is “password” or even “P@ssw0rd”, it will be a breeze for a hacker to penetrate the site.
So the bottom line is: get rid of the user called admin. This will make the hacker's life a lot harder and will also provide much-needed WordPress security for the site.
While you are at it, you can also get rid of the user ID “1”, because the first user created by the WordPress system has a default ID of “1”. By getting rid of it, you once again make the life of a hacker much harder.
I would recommend installing the following plugin which will assist in completing these tasks – Better WP Security.
Ensure at all times that your passwords are strong, containing capitalization, punctuation and numerals, and avoid using general terms such as the site's name.
Here are the 25 most common passwords of 2012, along with the change in rank from last year.
1. password (Unchanged)
2. 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)
Source: CBS News
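As an added example (not part of the original article), the password advice above can be turned into a check: the Python code below rejects anything that reduces to one of the 25 listed passwords, including look-alike spellings such as “P@ssw0rd”, and then applies the capitalization, punctuation, numeral and site-name rules. The substitution table, the 12-character minimum and the sample site name are assumptions made for this example.

```python
import string

# The 25 most common passwords of 2012, as listed in the article above.
COMMON = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1",
}

# Assumed look-alike substitutions, so "P@ssw0rd" is compared as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def variants(password):
    """Lower-cased forms of the password to compare against the list."""
    low = password.lower()
    # Drop trailing digits and punctuation, so "Monkey2012!" becomes "monkey".
    stripped = low.rstrip(string.digits + string.punctuation)
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)} - {""}


def check_password(password, site_name="", min_length=12):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    forms = variants(password)
    if forms & COMMON:
        problems.append("matches a common password")
    site = site_name.lower().replace(" ", "")
    if site and any(site in form.replace(" ", "") for form in forms):
        problems.append("contains the site name")
    if len(password) < min_length:  # min_length is an assumption, not from the article
        problems.append("shorter than %d characters" % min_length)
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("needs upper and lower case")
    if not any(c.isdigit() for c in password):
        problems.append("needs a numeral")
    if not any(c in string.punctuation for c in password):
        problems.append("needs punctuation")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords and site name, for illustration only.
    for pw in ("P@ssw0rd", "Monkey2012!", "AcmeBakery#2024", "Copper-Lantern-47-Orbit"):
        print(pw, "->", check_password(pw, site_name="Acme Bakery") or "OK")
```

“P@ssw0rd” satisfies every character-class rule and is still rejected, which is why the list comparison runs on the normalized forms rather than on the password as typed.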
Shared Hosting Server
If you are hosting on a shared hosting server, you run a much bigger security risk. The reason is that if a hacker penetrates one site on the shared server, the chances are that he will have access to the other sites as well.
I recently consulted on a client’s website which was hacked. The website was built in HTML, which does not really provide any back doors for hackers, but upon further investigation I realised that the site is hosted on a shared server which is also home to a Joomla site. The Joomla site got hacked, exposing all the other sites on the server to the attack.
So if you are hosting on a shared server always ensure that all your sites are up to date…
WordPress Security Conclusion
My father always says “Prevention is better than cure”. This is definitely the case when working with WordPress. It is much easier to take simple steps to ensure the security of your site instead of fixing a hacked site.
Sometimes you might be unlucky and get hacked even after implementing all the above steps. Always ensure that you have an up-to-date backup of your site and database. This can be a manual process, or you can use plugins to automatically create site and database backups.
This is a rather effective plugin which we frequently use to back up our databases: Backup WordPress.
There are other security measures which can also be implemented to increase your WordPress Security but I would highly recommend installing Better WP Security (now iThemes Security) to ensure that you are fully protected.
If you need help with a hacked site or some more information regarding WordPress Security, please feel free to contact us.