WordPress is such a user-friendly content management system. I love using it and there are so many great tools to help make it an even richer experience for both the blogger and reader. But there is a downside to its popularity. It’s a beacon to many hackers.
Because WordPress is free, hackers don’t even have to wonder how it works. They can simply install it themselves and leisurely look for weaknesses to exploit. But there is another weakness hackers can capitalize on—you, the blogger. Being a blogger doesn’t automatically make you a tech superstar. And that’s what they are counting on.
Limit Log-in Attempts
A simple and effective way to help protect your blog is to limit log-ins. In a brute force attack, a bot hammers away at your site, repeatedly trying various combinations of username and password to gain access to your Admin Panel. If you limit log-ins, you significantly reduce the number of attempts it can make. Yes, a bot has hundreds and even thousands of IP addresses, but it will be forced to burn through them far more quickly. Plus, the fewer attempts it can make, the lower its chances of actually figuring out your username and password.
I use Limit Login Attempts on Eat Laugh Purr and The Heavy Purse. It’s incredibly easy to install and has worked well on both sites.
You can set how many retries a user gets before being locked out and how long they remain locked out. I am not as generous as the plug-in creator. You get one try and then get locked out for a very long time. Why? Because I am mean.
But I Have Butter Fingers and Might Lock Myself Out
I have butter fingers too. 😀 And yes, I have locked myself out. Remember, the plugin locks you out based on your IP address. So if you lock yourself out at home, it doesn’t mean you can’t access your Admin Panel until your lockout is complete. It just means you can’t access your Admin Panel from THAT computer or any device that utilizes your home’s IP address until your lockout is complete. You can go to your office or Starbucks and log on to your website. Once you log in, just go to the Limit Login Attempts plugin and clear lockouts. You will be able to access your Admin Panel at home again.
Easy peasy, but admittedly that can be a bit of a pain. So thankfully, there is an easier option. Install Whitelist IP for Limit Login Attempts, which allows you to whitelist IP addresses you regularly use to avoid accidentally locking yourself out of your site. It works beautifully too. 🙂
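How the per-IP lockout, the clear-lockouts step and the whitelist described above fit together, as an added Python sketch that is not the plugin's own code. The LoginLimiter class, its parameter names and the sample IP addresses are constructed for illustration.

```python
import ipaddress

class LoginLimiter:
    """Simplified model of per-IP login lockout (hypothetical, not the plugin)."""

    def __init__(self, max_retries=1, lockout_seconds=24 * 3600, allowlist=()):
        self.max_retries = max_retries          # failed tries allowed per IP
        self.lockout_seconds = lockout_seconds  # how long a lockout lasts
        self.allowlist = [ipaddress.ip_network(n) for n in allowlist]
        self.failures = {}       # ip -> failed attempts since last success
        self.locked_until = {}   # ip -> time at which the lockout expires

    def _allowlisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allowlist)

    def attempt(self, ip, password_ok, now):
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        if self._allowlisted(ip):               # whitelisted IPs never lock out
            return "ok" if password_ok else "failed"
        if self.locked_until.get(ip, 0) > now:
            return "locked"                     # even the right password is refused
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.max_retries:
            self.locked_until[ip] = now + self.lockout_seconds
            self.failures.pop(ip, None)
        return "failed"

    def clear_lockouts(self):
        """What the admin does from another location after a self-lockout."""
        self.locked_until.clear()
        self.failures.clear()

def demo():
    # Constructed sample addresses taken from the documentation ranges.
    home, cafe, office = "203.0.113.10", "198.51.100.7", "192.0.2.25"
    lim = LoginLimiter(max_retries=1, lockout_seconds=86400,
                       allowlist=[office + "/32"])
    results = [
        lim.attempt(home, False, now=0),    # typo at home: failed, IP now locked
        lim.attempt(home, True, now=60),    # right password, same IP: locked
        lim.attempt(cafe, True, now=120),   # different IP: ok
    ]
    lim.clear_lockouts()                    # clear lockouts while logged in
    results.append(lim.attempt(home, True, now=180))     # home works again
    results.append(lim.attempt(office, False, now=200))  # whitelisted typo
    results.append(lim.attempt(office, True, now=210))   # still not locked
    return results
```

The lockout is keyed on the source IP, not the account, which is why logging in from a different network works and why whitelisting an address removes the self-lockout risk for that address only.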
Keep Your Blog Up-To-Date with the Latest Versions of WordPress and Plugins
WordPress developers are constantly enhancing the content management system and eliminating weaknesses hackers can exploit. Be sure you’re running the latest version of WordPress and your plug-ins. Also, review the plug-ins you have installed and make sure you really need them. If they haven’t been updated within the past year, you may want to consider finding an alternative. Old plug-ins and poorly coded plug-ins are a hacker’s dream come true.
Maintain Proper Back-up Of Database and Files
This is an absolute must and your best defense if you ever do get hacked or your server has a glitch or you accidentally delete something you shouldn’t have. It won’t stop you from being hacked but it will make the recovery much easier. There is a wide variety of premium and free plugins that will back up your site. Whichever route you choose, be sure that you back up both your database and files. I use UpdraftPlus Backups. It is a free plugin but does have premium options. The free version works great but I like knowing that I can add some paid options if needed. I automatically back up to Dropbox. I prefer having my back-ups stored somewhere not linked to the website, such as FTP.
Do Not Use Common or Easy Usernames and Passwords
This is the low-hanging fruit that hackers love. I walked you through how to change your user name step-by-step over at The Heavy Purse. If you are using “admin”, your name or your blog name as your username, you must change your username immediately. Even if you’re not, I would still strongly encourage you to reset your username. It only takes a few minutes but a strong username and password is something every WordPress blogger should have.
Whether you’re publishing your first post or your 1000th post, your blog is an investment of your time and a source of income for many. Following these steps will help you protect your WordPress site.
Photos courtesy of www.freedigitialphotos.net.