After hackers shut down the Tel Aviv Stock Exchange and the website of El Al Airlines today, anyone with a website should think about what they can do to protect it, if they haven’t already. While this is hardly the first time hackers have taken down major websites, sometimes we need scary reminders that the worst can happen.
As I build most of my websites using the WordPress CMS, I’m most concerned about keeping those sites secure. WordPress is an awesome and growing platform, and much of the advice below is relevant to any website.
5 Tips to Protect Your WordPress Website From Being Hacked
1) Edit admin. Make your admin username something besides the default “admin”.
2) Use a strong password. The name of your first child is easy to remember, but it’s also easy to figure out, unless you think Rbj357qr is a cute boy’s name.
Some tips on coming up with strong passwords you can actually remember:
- Pick a phrase or song lyric and use the first letter of each word, or the second letter.
- Use your phone keypad to convert a word to its numerical equivalent to use as part of your password.
- Separate two words with symbols and numbers.
3) Password protect the admin area. Most hosting control panels allow you to password protect a folder on your website with an HTTP popup to enter a username and password. This can be a great way to prevent even the most basic of attacks on your admin area. This double layer of password protection may seem a tad inconvenient but the extra protection is worth it.
4) Keep WordPress updated. Upgrades usually fix loopholes and bugs that can be exploited by hackers. This is especially important to keep in mind if you don’t update your site frequently (and therefore don’t see reminders and updates in your Dashboard). Once you see there is a new version available, you can update it quickly with literally the click of a button with an automated install. It’s a good idea to do a backup before executing this, or any other major change to core files. Set up a calendar with regular times to check in and see if WordPress or any of your plugins need to be updated. Check for any compatibility issues, and then update! At the hosting level, also be sure to keep your PHP updated.
5) Restrict IP Access. If you are the only administrator of your site and you always update from the same IP address, you can change the .htaccess file to only allow updates from your IP.
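Tips 3 and 5 can live in the same .htaccess files. The sketch below is an added example, not part of the original post; it assumes an Apache 2.4 server, and the address 203.0.113.10, the user name siteowner and the password file path are placeholders to replace with your own.

```apache
# ---- File 1: wp-admin/.htaccess -------------------------------------
# Tip 3: require an HTTP username/password before WordPress even loads.
# Create the password file once from a shell (placeholder user name):
#   htpasswd -c /home/example/.htpasswd siteowner
AuthType Basic
AuthName "Restricted admin area"
# Placeholder path. Keep this file outside the web root so it can
# never be downloaded through the site.
AuthUserFile /home/example/.htpasswd

# Tip 5: additionally require that the request comes from your own
# static IP. RequireAll means BOTH conditions must hold.
<RequireAll>
    Require ip 203.0.113.10
    Require valid-user
</RequireAll>

# Caveat: many themes and plugins call admin-ajax.php from the public
# side of the site. Leaving it locked down breaks those features for
# visitors, so it is reopened here.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: .htaccess in the WordPress root ------------------------
# The login form (wp-login.php) sits in the site root, not in
# wp-admin/, so the rules above do not cover it. Restrict it too.
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>
```

If your connection does not have a fixed IP address, skip the `Require ip` lines and rely on the password prompt, otherwise you will lock yourself out the next time your address changes.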
Bonus: Check out the WP Security Scan plugin. This plugin scans your system and makes recommendations on how to improve many aspects of your site’s security.
For extra security:
SSL encryption can secure and encrypt your data. To create the highest level of security, you want a private SSL certificate for each one of your websites.
Did your WordPress website get hacked anyway?
Fill out the form for an emergency website restoration and we will do our best to get you back up and running as soon as possible.