This post is the last in a series of Blogging Mistakes. You’ve heard stories about blogs getting hacked or entire websites taken down. Do you think it can’t happen to you? Do you think it is only really big sites that have security issues?
That kind of thinking is a huge mistake and will cost you a lot of money for putting blinders on. Actually, it doesn’t take a lot of effort to make your blog much more secure and be better prepared for the unexpected problems.
Here are 5 ways you can tighten your security right now.
- Change your WordPress password to one with at least 10 characters using capital letters, numbers and symbols. Just for grins, check the strength of your password. If you have the typical 8-character password, it probably takes about 3 minutes for a hacker to guess it, whereas a 10-character password with 1 capital letter, 3 numbers and 2 symbols will take 58 years! If you are hesitating because you worry that you can’t keep up with passwords, then install Roboform to remember them for you.
- If your WordPress username is “admin”, change it today! Admin is the first username that hackers try when attempting to login to your dashboard. Check the screenshot from WordFence installed on a small blog. It shows who is trying to login. Notice that the username for all of these break-in attempts is… ADMIN!
If your username is admin, go into your WordPress User area and create a new user. Give that user a different username, a strong password and make that user an “administrator”. Log out of your dashboard and log back in as that new user. Then delete the user with admin and attribute all their posts to the new user.
- There are two great plugins that can help with security — iThemes Security and Wordfence. These are great plugins, not only to keep an eye on who is visiting your site, but also to scan your site for malware and to lock out people up to no good. You can start out with the free version of either but you will probably want to upgrade for more security.
- Keep your software updated including WordPress, themes and plugins — even ones that are not active. Hackers are busy trying to find “back doors” through software files on your server. Good software developers close those back doors as soon as possible by issuing updates. If you drag your feet or ignore these updates, your site will be vulnerable. Some people believe that if you have plugins that haven’t been activated, then no harm can be done. Not so! If you aren’t using certain plugins or themes (other than ones that come with WordPress), delete them.
- Hide the contents of your website folders from index browsing. Hackers will many times start their search for a back door or vulnerability by looking in your folders. Any folder that does not contain an index.html or index.php file is open for anyone to browse the contents. An easy way to handle this problem is to put a line in your .htaccess file that reads: Options -Indexes. That prohibits index browsing on all folders.
Don’t wait until after someone breaks in before you put in that security system. Start right now while you are thinking about it. And if you find that you have been hacked, contact WPSecurityLock.com right away.