This week, it was brought to our attention that one of our hosting customers had their WordPress-powered website hacked. We felt it was important to post an article highlighting a number of ways in which you can enhance the security of your WordPress site and prevent attacks such as the one our client has suffered.
We should also stress at this point that our servers remain incredibly secure, and that the hacker exploited vulnerabilities in WordPress, and not our systems, to carry out the attack.
The problem with WordPress
WordPress is a great platform, don’t get us wrong; however, it is not without its problems. The main problem is that it is distributed freely. While free products and services are great, it does mean that unscrupulous individuals can also obtain a copy of these products freely, dissect them, understand their workings, and determine their vulnerabilities.
We should also point out that this is not a problem specific to WordPress, but is relevant to any website platform distributed freely.
Enhancing your WordPress security
We have devised a few tactics that we suggest you employ, to ensure that your website remains secure:
- Ensure that the password for your database is completely different from those of your WordPress login, control panel, email addresses, and any other credentials that could be made vulnerable to attack.
- When setting up WordPress, do not use the standard database prefix “wp_” or something predictable like “wordpress_”. Use something that is not a dictionary word: a random combination of numbers and letters.
- Do not just stick with the default username “admin” – use something else that isn’t so obvious.
- Use a strong password: something of about 8 characters or more, consisting of letters, numbers and special characters (! # % * etc.), with some of the letters capitalised, and so on.
- The WordPress dashboard allows you to use a display name that differs from your username, so use a different one. Not giving away your username makes your account harder to hack.
- Keep WordPress up-to-date. It’s free to do so: just log in every now and then and click the update link. If there is an update available, it’ll be there. It’s really as easy as that!
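The checklist above can be turned into a quick offline check. The following is an added example, not code from WordPress or from us: it reads the `$table_prefix` and `DB_PASSWORD` settings from the text of a wp-config.php file and tests them, together with a username and login password you supply, against the points in the list. The function names and the sample values are made up for illustration.

```python
import re
import secrets
import string

PREDICTABLE_PREFIXES = {"wp_", "wordpress_"}  # the two prefixes the article names

def parse_wp_config(text):
    """Pull $table_prefix and DB_PASSWORD out of wp-config.php source text."""
    # Simple quoted-literal match; values containing quote characters are not handled.
    prefix = re.search(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""", text)
    dbpass = re.search(r"""define\(\s*['"]DB_PASSWORD['"]\s*,\s*['"]([^'"]*)['"]""", text)
    return (prefix.group(1) if prefix else None,
            dbpass.group(1) if dbpass else None)

def password_gaps(pw):
    """List which of the article's strong-password criteria a password misses."""
    checks = {
        "8+ characters": len(pw) >= 8,
        "lowercase letter": any(c.islower() for c in pw),
        "capital letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special character": any(c in string.punctuation for c in pw),
    }
    return [name for name, ok in checks.items() if not ok]

def audit(config_text, admin_username, login_password):
    """Return findings for the checklist items that can be checked offline."""
    findings = []
    prefix, dbpass = parse_wp_config(config_text)
    if prefix is not None and prefix.lower() in PREDICTABLE_PREFIXES:
        findings.append(f"predictable table prefix: {prefix!r}")
    if dbpass is not None and dbpass == login_password:
        findings.append("database password is the same as the WordPress login password")
    if admin_username.lower() == "admin":
        findings.append("default username 'admin' in use")
    gaps = password_gaps(login_password)
    if gaps:
        findings.append("weak login password, missing: " + ", ".join(gaps))
    return findings

def random_prefix(length=8):
    """Random letters-and-digits table prefix, starting with a letter, ending in '_'."""
    alphabet = string.ascii_lowercase + string.digits
    body = "".join(secrets.choice(alphabet) for _ in range(length - 1))
    return secrets.choice(string.ascii_lowercase) + body + "_"

# Constructed sample wp-config.php fragment, not taken from any real site.
SAMPLE_CONFIG = """<?php
define( 'DB_PASSWORD', 'letmein1' );
$table_prefix = 'wp_';
"""
```

Calling `audit(SAMPLE_CONFIG, "admin", "letmein1")` reports all four problems in the sample, and `random_prefix()` gives a replacement prefix to use when setting up a new site.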
Obviously there are many more ways in which you can enhance the security of a website, and should you find yourself itching to suggest one, then please do feel free to comment below!