These days your WordPress website security is no laughing matter – in fact, you could say it has become downright treacherous as more and more people find themselves dealing with the devastation a hacker leaves behind. Rather than becoming a statistic, now is a good time to take action and do what you can to protect your WordPress site from hackers. Let’s have a look at a few things you can do.
#1 Protect Your wp-config.php
This is an important WordPress file, so you will want to make sure it is protected. You can hide it from public view just by putting a few lines of code into your .htaccess file.
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Adding this code stops the wp-config.php file from being visible to public users and makes it harder for hackers and robots to spot.
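As a quick check of the rule above, this added Python example (not part of the original article) scans .htaccess text and reports whether wp-config.php is actually denied, and flags two easy mistakes: leaving out the <Files> wrapper and putting a space inside allow,deny. It also accepts the Apache 2.4 form "Require all denied", handles only literal <Files> sections, and its sample files and function name are constructed for illustration.

```python
import re

# Constructed .htaccess samples (not taken from a real site).
GOOD_22 = """<Files wp-config.php>
order allow,deny
deny from all
</Files>"""
GOOD_24 = """<Files "wp-config.php">
Require all denied
</Files>"""
# No <Files> wrapper: the deny rule applies to every file in the directory.
BARE = """order allow,deny
deny from all"""
# Apache allows no whitespace between the Order keywords.
SPACED = """<Files wp-config.php>
order allow, deny
deny from all
</Files>"""

def check_wp_config_rule(htaccess):
    """Return a list of findings; an empty list means wp-config.php is denied."""
    findings, section, denied = [], None, False
    for raw in htaccess.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        low = line.lower()
        m = re.match(r'<files\s+"?([^">]+)"?\s*>$', low)
        if m:
            section = m.group(1)          # file name this section applies to
        elif low == "</files>":
            section = None
        elif re.match(r"order\s+\S+\s+\S", low):
            findings.append("whitespace inside Order value: " + line)
        elif low in ("deny from all", "require all denied"):
            if section == "wp-config.php":
                denied = True
            elif section is None:
                findings.append("deny rule outside <Files>: blocks the whole directory")
    if not denied:
        findings.append("no deny rule inside <Files wp-config.php>")
    return findings

if __name__ == "__main__":
    for name in ("GOOD_22", "GOOD_24", "BARE", "SPACED"):
        print(name, check_wp_config_rule(globals()[name]) or "ok")
```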
#2 Never Use “admin” to Log In
One of the most common mistakes is to leave the default ‘admin’ as your login to your WordPress site. This needs to be changed right away, as it is very dangerous and gives hackers an advantage.
#3 Use SFTP
Most people use FTP to upload their files, but you really should use a Secure FTP connection – SFTP. That way when you send your files they will be encrypted.
#4 Using the Login Lockdown Plugin
The Login Lockdown plugin will make sure that you remember your password. Every failed login attempt is recorded along with the person’s IP address, and the plugin will block the ability to log in from different IPs once logins have failed the set number of times, which you control. The default setting is 3 failed logins within 5 minutes per hour. You can remove a blocked IP address from the plugin panel in your WordPress dashboard.
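To see what a rule like “3 failed logins within 5 minutes” means in practice, this added Python example (not the Login Lockdown plugin’s own code) applies a sliding window to constructed access-log lines. It assumes a failed WordPress login shows up as a POST to /wp-login.php answered with 200 and a successful one with a 302 redirect; the IP addresses, log lines and function name are made up for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILS = 3                      # the article's stated default
WINDOW = timedelta(minutes=5)      # the article's stated default

LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3}) ')

# Constructed sample lines in Apache access-log style (documentation IPs).
SAMPLE_LOG = """\
192.0.2.9 - - [12/Mar/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456
203.0.113.7 - - [12/Mar/2024:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3456
198.51.100.4 - - [12/Mar/2024:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3456
198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Mar/2024:10:03:45 +0000] "POST /wp-login.php HTTP/1.1" 200 3456
192.0.2.9 - - [12/Mar/2024:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456
192.0.2.9 - - [12/Mar/2024:10:09:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3456
"""

def find_lockouts(log_text, max_fails=MAX_FAILS, window=WINDOW):
    """Return {ip: time of the failed login that reached the threshold}."""
    recent = defaultdict(deque)    # ip -> times of failures still in the window
    lockouts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, stamp, status = m.groups()
        if status != "200":        # assumption: 302 means the login succeeded
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        fails = recent[ip]
        fails.append(when)
        while when - fails[0] > window:   # forget failures older than the window
            fails.popleft()
        if len(fails) >= max_fails and ip not in lockouts:
            lockouts[ip] = when
    return lockouts

if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG).items():
        print(f"{ip} would be locked out at {when:%H:%M:%S}")
```

In the sample, 192.0.2.9 also fails three times but spread over more than five minutes, so it never reaches the threshold.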
#5 WP-DB Backup
You need to take backups regularly, not just now and then when you think about it. UpdraftPlus is a plugin that will do this for you, and it will then send your backup to your email address and/or store it on the server. An offsite backup is wise because, should your site be hacked, it gives you the best chance of getting things up and running quickly.
There are plenty of things you can do to make your WordPress site more secure – these are certainly a good start!
You may have already heard rumblings about the bots attacking WordPress. Bottom line is that every website is at risk and WordPress is no different. It’s important for you to do your part to create a higher degree of security, because if everyone else does and you do not, then you become the weak link where hackers can access all the WordPress blogs. The same holds true if you create a strong password and others do not – bottom line, this requires a team effort.
Start by making sure your WordPress installation has the most current updates. Reduce the number of plugins you are using if you can, and always delete those plugins you no longer use. Make sure you choose passwords that are hard to crack, and always back up your data on a regular basis. Finally, protect your WordPress site by making use of .htaccess. Putting these things into practice is a good place to start.
Now it’s time to install a WordPress security plugin that is designed to block IP addresses that attempt to flood or spam a site. It will also restrict the number of login attempts that can occur, and it will monitor your live traffic. These plugins are constantly being updated, so you can be sure they are on top of security concerns. All In One WP Security and Firewall (by Tips and Tricks-HQ) and iThemes Security (formerly Better WP Security) are two that can do the job for you.
There’s been a great deal of controversy over whether free content delivery systems are good or bad. The best thing to do is try one yourself. Yes, there are some that really only want to lure you to their paid service, but two free content delivery networks that minimize your security risk are CloudFlare and PageSpeed Service by Google. Don’t be afraid to explore what’s out there.
We touched on the .htaccess file earlier. This stands for Hypertext Access and when you configure this file you gain control and reduce your risk of security breaches. Editing your .htaccess file is serious and unless you understand at least basic coding you should hire someone that does. You can quickly become overwhelmed by so many options.
These suggestions don’t guarantee you will not be hacked, but what they do is significantly reduce your risk because there is going to be someone else out there that will be an easier target.
The solution to WordPress password security is to take advantage of one of the password services that will generate up to 50 characters of random gibberish. Then it will memorize that password for you so you don’t have to. Each website will have a new and unique password generated for it.
So how does the password service keep all these preposterous passwords secure? Easy! You have a master password for the service. This must be something that you are going to be able to remember. It will keep all of the other passwords safe and secure. Even if it’s stolen by hackers, to access all of your passwords they would need your master password.
It may seem like a complicated security approach, but it does work. It certainly is a solid method to keep your WordPress site safe, along with the rest of your digital life.
Here are some tips to get the most from your password service:
#1 Have a Good Master Password – The strength of your master password is key. This must be a strong password. It should follow all the criteria that make a strong password, and you will likely need to spend time memorizing it, but it should be one of the few passwords you’ll ever have to remember again.
#2 Passwords That You Will Need to Type – Your master password is not the only password you will have to memorize. A password service doesn’t work on some passwords. This means that even with your password service there are a handful of passwords that you will still have to remember. Make sure that they are good ones! Thankfully, by using a password service, the number of passwords you will have to remember in total should be way below a dozen.
#3 Remember, it Takes Time – When you transition from taking care of your own passwords to having a password service generate and track your passwords, you need to remember that it’s going to take time. So be patient!
#4 Consider Two-Factor Authorization – If you really want to increase your WordPress password security, you can use what is called two-factor authorization, where there are two levels of authenticity, making it that much more difficult for hackers to gain access to your WordPress site.
A password service is a great way to get the strongest passwords possible, and that’s good protection! A few that you might like to consider are LastPass, Dashlane’s Password Manager and a newer one called Keeper Password Manager. So get your digital life in order with the help of a good password manager.
It seems all we talk about is creating strong passwords and if you are like most people, you create a password that you thought was solid only to find out it is not. What’s the solution? Using a password service is a great way to create a strong password and protect your WordPress and other sites.
There are a number of these services. A few that come to mind are LastPass, Keeper Password Manager and Dashlane’s password manager; in fact, David Pogue of the NYT calls Dashlane’s password manager “life-changingly great”. You install the software on your computer and it will create these wild passwords that are up to 50 characters long and really just look like gibberish. What’s even better is that it memorizes them for you, because there is no way you could remember these passwords. Then, to keep all those passwords secure, you use a master password. That way, even if your passwords are stolen, the hackers are going to need the master password.
A good master password needs to be strong – in fact it’s critical, because all your other passwords hang in the balance. Follow as many password rules as you can. This is one password you need to memorize, along with any passwords needed to access your computer.
You will need to be patient, as it takes time to transition your entire life online to a password service. You’ll be surprised at just how often you use passwords. Think about it – every time you log in somewhere you use a user ID and a password. Getting the system up and functioning completely can be a real challenge, but stick with it, because eventually you will be far more secure and have far fewer passwords to remember.
You should actually have a password service for your mobile devices and your desktop devices. These are different and will require two different downloads and, if it’s a paid service, two different purchases.
If you really want to boost your password security on WordPress, use more than one password: use two-factor authorization. This means that your login will require two pieces of information. For example, your password and something you know. It provides an extra layer of protection in a number of applications including Twitter, Apple, Dropbox and Google.
Today is a good day to get started with your password service!
Spammers can send email that includes viruses, worms and Trojans that infect your computer. Not all viruses crash your computer; some are set up to spy on you when you are online. They can track what sites you visit, copy your usernames and passwords, and send them back to the spammer/hacker. You are then left vulnerable to an even larger threat: identity theft.
Some of these viruses attach themselves to your computer’s operating system and prevent you from removing them. They often work undetected and can only be removed by completely reinstalling the factory settings, or visiting your local computer guru.
The easiest way to stop spam is not to sign up for anything you don’t need. If you do need to sign up for something that requires an email address, use an alternate email address, so your primary email address stays as spam free as possible.
If you want to take things to the next level, get a secure email address from a company like Spam Arrest, and the only email you’ll receive is from the members on your white list.
A company can collect email addresses and forward them to affiliated partners. Here are some of the ways that companies are getting your email address.
Just about everyone has a homepage. Almost every internet service provider (ISP) offers you a place to put up your own website, but many people also include their contact information. This is not a good idea. Spiders are continually crawling the web and harvesting email addresses from websites that provide contact information.
Harvesting software searches the internet for the @ symbol. When it finds one, it recognizes that this is likely an email address, which leaves you open to receiving spam. By harvesting as many addresses as they can, spammers simply use the law of averages. The more email you send, the more responses you get.
Once you reply to spam, you announce that your email address is monitored and you’ll likely get even more spam. Then, spammer 1 sells your address to a network of other spammers and your inbox turns into a depository for penis enlargement and breast implant emails.
Nearly all registration forms that you fill out can lead to spam. Sometimes there is a box that you can check if you do not wish to receive emails from the company or its affiliates. Unless you want to receive email from them, you should click the box. If you don’t get an option, you may want to forget the registration altogether.
This registration spam also applies when you are registering a new piece of software. Many companies tell you that registering allows them to keep you informed of any product upgrades, but they also use it to send you advertising.
An easy way for companies to get your email information is to post contests for things that you want to win. Of course, to enter, you must provide your email information so that they can notify you if you win. This also applies to gift offers and subscriptions.
Before signing up for a contest, check the company that is promoting it. Some of these contests are legitimate, and some of them are set up specifically to get your email address. It’s a really tricky business. The prize may not always be worth the amount of spam you receive.