Every day there is a new headline about websites being hacked, and yet we still find websites that are unprotected. Think of it this way: if houses in your neighborhood were being broken into consistently, what would you do? Most likely you would learn from what is happening and add a few security measures to your house, like adding a camera or extra locks or even hiring a security firm.
In the same way, we need to learn from the daily news of websites being hacked and add a few extra security measures to our websites. I’m assuming that your website is regularly updated and you are using strong passwords. Here are a few security steps that we can take.
First the very basic step – the admin user
Are you still using the default WordPress administrator username admin? Yes, I still come across this. Still using the admin user is like having a combination safe and never changing the factory-set combination. Trying to hack a website using the username admin is one of the first things hackers try.
If you still have the admin user, then create a new administrator user. Make sure the new administrator username is not your first name or last name. Also change the display name and nickname of this new administrator. This just makes brute force attacks a little harder. I would also recommend creating a new user with an editor or author role, and using this new author/editor user to publish posts.
And finally, delete the default admin user. If you have already published posts under the default admin username, make sure you move all the posts to the new author/editor user when deleting it. Don’t worry: WordPress will prompt you for a new author for existing posts before it deletes the old admin user.
Second, install WordFence
WordFence is like hiring a security company to monitor your house. There are two versions of WordFence, viz. Free and Premium. Start with the free version and you will never look back.
Here are some basic things you will be able to set up with WordFence that are necessary for protecting your website:
- Get email alerts when an administrator logs into your site: Any time a user with administrator rights signs on, you will be notified. So if someone else is using your administrator account, you can take immediate action.
- Get email alerts when there are changes to the core files: If a hacker has managed to get in and inject changes into your core website files, you will be notified and can take direct action.
- Block usernames: Once you install WordFence you will find that there are certain usernames that hackers will use to try to gain access to your website. You can easily block these usernames.
WordFence provides a lot more options that will really harden your website security, and all this with the free version of WordFence. So what are you waiting for?
And finally, third, protect the WordPress Admin Area
Adding an additional layer of security by password protecting the WordPress admin area makes it more difficult for hackers to access your site, as they now have to attack this secondary level of protection first. This secondary password protection is done on the server side (such as BasicAuth).
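One way to set this up, shown as an added example that is not part of the original article. It assumes an Apache 2.4 server with `AllowOverride AuthConfig` enabled for the site; the file paths, realm name and username are placeholders.

```apache
# Create the password file once, outside the web root, with bcrypt hashes:
#   htpasswd -c -B /etc/apache2/.htpasswd-wp siteowner
# ("siteowner" and the file path are placeholders. Use a password that
# differs from every WordPress account password.)

# ---- File 1: wp-admin/.htaccess ------------------------------------
# Every request under /wp-admin/ must pass Basic authentication before
# WordPress itself handles it.
AuthType Basic
AuthName "Restricted area"
AuthUserFile /etc/apache2/.htpasswd-wp
Require valid-user

# Many themes and plugins call admin-ajax.php from the public side of
# the site for visitors who are not logged in. Leave it reachable, or
# those front-end features will show a password prompt to visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: .htaccess in the WordPress root -----------------------
# The login form (wp-login.php) lives in the site root, not in
# wp-admin, so password guessing against it is only covered if it is
# protected separately.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted area"
    AuthUserFile /etc/apache2/.htpasswd-wp
    Require valid-user
</Files>

# Basic authentication sends the username and password with every
# request, only base64-encoded. Serve the admin area over HTTPS so the
# extra password cannot be read in transit.
```

After saving both files, an unauthenticated request to `/wp-admin/` or `/wp-login.php` should return HTTP 401, while `/wp-admin/admin-ajax.php` should still respond without a password prompt.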
What about SSL you might ask?
What I have described above are three steps that you can incorporate into your website right away. Enabling SSL is the next really crucial step in making your site secure. SSL (Secure Sockets Layer) encrypts all information sent to and from your site. Stay tuned for my article on how to secure your WordPress with SSL and why it may soon be mandatory.
So there you are
Just like you would secure your house, these are the three steps to get your website security hardened today, viz.
- Getting rid of the pesky default admin user
- Adding WordFence
- Protecting your WordPress Admin area
Do you need help in securing your website? At StressLessWeb we take on all types of website development from designing a bespoke website to plugin development and ad-hoc work. Have a question? Contact StressLessWeb. I look forward to answering your questions.