5 Things You Can do to Secure Your WordPress Site

Making sure your WordPress site is secure from hackers is important. Being hacked is no laughing matter. It can result in a loss of all your data, the collection of your personal information and that of your customers or followers, and it can put you at risk financially. Let’s look at 5 things you can do to help secure your WordPress site.

#1 Fix Any Malware Issues
Find a way to clean up detected malware issues. It’s common for blog owners to underestimate the cost of downtime caused by security problems or the time it takes to deal with an issue. Sucuri is a good solution for removing malware.

#2 Choose a Host Provider
If your blog is on a shared server, your security risk goes up tenfold. Consider the risk to your blog and then multiply that risk by the number of other sites and blogs on that server. That’s what your risk is. A dedicated server or VPS may be more than you can handle, but another good choice is managed WordPress hosting. It’s certainly worth the cost as you get better security, better support, a faster site and automatic backups.

#3 It’s Time to do Some Site Clean Up
You need to keep your blog nice and tidy. Remove old plugins you aren’t using. Delete themes you no longer use. Host websites that are in development on a different server than websites that are live.

#4 Control Sensitive Data
When you are doing your site clean up, make sure you aren’t leaving behind any sensitive data that the world can gain access to. Check all of your PHP files, because these are like road maps to your site setup and give a hacker all of the information they need to ‘bust in.’

Don’t keep your backups on the server with your site files. That’s just encouraging a hacker to download them and use them to hack your website. Disable directory browsing to stop a hacker from seeing the blog’s folders.

Be careful when you are using the cPanel file manager and having it save copies of your important files temporarily. You are much better off using Secure File Transfer Protocol (SFTP).
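One way to check a site folder for the leftovers described in this section, as an added example that is not part of the original article: it walks a local copy of the web root and reports backup archives, temporary copies and copies of wp-config.php. The pattern list and the function name audit_webroot are assumptions chosen for illustration.

```python
import fnmatch
import os
import sys

# Name patterns for files that should not sit under a web-served directory.
# The list is an assumption for illustration; extend it for your own site.
# Order matters: the first matching category wins.
RISKY = {
    "config copy": ("wp-config.php.*", "wp-config.txt", "wp-config-backup.php"),
    "diagnostic script": ("phpinfo.php", "info.php"),
    "backup archive": ("*.zip", "*.tar", "*.tar.gz", "*.tgz", "*.sql", "*.sql.gz"),
    "editor/temp copy": ("*.bak", "*.old", "*.orig", "*.save", "*.swp", "*~"),
}


def audit_webroot(root):
    """Return a sorted list of (category, relative path) for risky files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            for label, patterns in RISKY.items():
                if any(fnmatch.fnmatchcase(lowered, p) for p in patterns):
                    rel = os.path.relpath(os.path.join(dirpath, name), root)
                    findings.append((label, rel.replace(os.sep, "/")))
                    break  # report each file once, under its first category
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_webroot.py /path/to/local/copy/of/site
    for label, rel in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{label:18} {rel}")
```

A copy such as wp-config.php.bak matters because the web server no longer treats it as PHP and may serve its contents, database password included, as plain text.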

#5 Don’t Let Your Guard Down
This might seem obvious, but it’s not always practiced. You need to be vigilant about staying on top of everything on your site. This will decrease the risk of being hacked.

Using a Password Service to Protect Your WordPress Site

It seems all we talk about is creating strong passwords and if you are like most people, you create a password that you thought was solid only to find out it is not. What’s the solution? Using a password service is a great way to create a strong password and protect your WordPress site.

There are a number of these services – a few that come to mind are LastPass, 1Password and a newer one called Keeper Password Manager. You install the software on your computer and it will create these wild passwords that are up to 50 characters and really just look like gibberish. What’s even better is that it memorizes them for you, because there is no way you could remember these passwords. Then to keep all those passwords secure you use a master password. That way even if your passwords are stolen the hackers are going to need the master password.

A good master password needs to be strong – in fact it’s critical, because all your other passwords hang in the balance. Follow as many password rules as you can. This is one password you need to memorize, along with any passwords needed to access your computer.

You will need to be patient as it takes time to transition your entire life online to a password service. You’ll be surprised at just how often you use passwords. Think about it – every time you log in somewhere you use a user ID and a password. Getting the system up and functioning completely can be a real challenge, but stick with it, because eventually you will be far more secure and have far fewer passwords to remember.

You should actually have a password service for your mobile devices and your desktop devices. These are different and will require two different downloads and if it’s a paid service two different purchases.

If you really want to boost your password security on WordPress, use more than one password. Use two-factor authentication. This means that your login will require two pieces of information. For example, your password and something you know. It provides an extra layer of protection in a number of applications including Twitter, Apple, Dropbox and Google.

Today is a good day to get started with your password service!

Check out the Keeper Password Manager.

Essential Tips to Keep Your WordPress Blog Secure

If you have a WordPress blog you need to be concerned with security just like you do with any website. Hackers are always looking for an opportunity to attack a site and your WordPress blog could be a target. Here are some essential tips to help keep your blog secure and hacker free.

Hide your login error messages – Login error messages can give hackers ideas about whether they have figured out your username and password correctly or incorrectly. It is a good idea to hide them from all unauthorized logins. Just add the following code to functions.php:

// Return no message at all for failed logins (create_function() was removed in PHP 8).
add_filter('login_errors', function ($error) { return null; });

Maintaining backups – Keep backups of your entire WordPress blog. This is just as vital as keeping your site secure from hackers. If the hackers are successful, at least you will have full backup files to get your site up and running again quickly.

Changing default “wp_” Prefixes – Your WordPress blog might be at risk if you are using the predictable wp_ prefixes in your database. Use the iThemes Security Pro plugin to change this.

Prevent directory browsing – Another security issue is when your directories and all the files in them are accessible to the public. Use this test to check if your WordPress directories are properly protected:

* Enter the following URL in browser, without the quotes. “http://www.domain.com/wp-includes/”
If it shows blank or redirects you back to the home page, you are safe. However, if you see a list of items in your directory, you are not safe.

To prevent access to all your directories, place this code inside your .htaccess file.

# Prevent folder browsing
Options -Indexes
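The browser test above can be scripted for a site you run. The following is an added example, not code from the original article: it requests the usual WordPress directories and reports whether the server answers with an auto-generated file listing. Only /wp-includes/ is named in the article; the other paths, the "Index of /" page-title heuristic and the function names are assumptions.

```python
import re
import urllib.error
import urllib.request

# Standard WordPress directories; only /wp-includes/ is named in the article.
WP_DIRS = ("/wp-includes/", "/wp-content/", "/wp-content/uploads/",
           "/wp-content/plugins/")

# Apache and nginx both title their generated listing page "Index of /path".
LISTING_RE = re.compile(r"<title>\s*Index of\s+/", re.IGNORECASE)


def classify(status, body):
    """Classify one response as 'listing', 'blocked' or 'ok'."""
    if status == 200 and LISTING_RE.search(body):
        return "listing"            # directory browsing is enabled
    if status in (401, 403, 404):
        return "blocked"            # what Options -Indexes normally produces
    return "ok"                     # blank page or redirect to the home page


def fetch(url, timeout=10):
    """Return (status, start of body); urlopen follows redirects for us."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


def audit(base_url, fetcher=fetch):
    """Map each WordPress directory of your own site to its classification."""
    base = base_url.rstrip("/")
    return {path: classify(*fetcher(base + path)) for path in WP_DIRS}


if __name__ == "__main__":
    # Replace the placeholder with the address of your own site.
    for path, verdict in audit("http://www.domain.com").items():
        print(f"{verdict:8} {path}")
```

Any directory reported as "listing" still needs the .htaccess rule shown above.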

Keep WordPress core files & Plugins up to date – One of the easiest ways to keep your WordPress site safe is to simply make sure your files are always current. Here are a few ways you can do that:

* Deactivate & remove plugins not used – Unused plugins will eventually become outdated and can cause a security risk, so it is best to delete them.

* Log in to your dashboard frequently – When an update is available you will see a yellow notification at the top of your dashboard. Log in frequently and keep up to date with the most recent WordPress files. Subscribe to WordPress Releases RSS (https://wordpress.org/news/category/releases/feed/).

Those are just a few essential tips to keep your WordPress blog secure. There are plenty of others. Remember, the more you do, the less you are at risk.

Avoid Lock Outs and Protect Yourself from WordPress Hackers

If you haven’t already experienced a lockout or hacker intrusion, you are one of the lucky ones. The effects of hacking are not minor: they can bring down your entire operation and cause you to lose all of your work. Don’t put securing your website at the bottom of your to-do list, or it might be too late. Let’s look at some things you can do to make sure your site is secure.

#1 Start by Creating Solid Passwords

One of the easiest ways to get through a site’s security is with their password. Many people put off creating solid passwords because they claim they take too much time, but think about the time it will take to try to rebuild all your hard work.

* Every password on every site should be different
* Every password should be at least 15 characters
* A password is strongest if it is not a real word
* Use a mix of capital letters, lowercase letters, special characters and numbers.

Your password is your first line of defense against hackers, so make sure it’s strong. Never write your passwords down; they should always be kept in your head, or you can use a password manager such as Keeper Password Manager.

#2 Make Sure Your Site is Up to Date

WordPress has a lot of updates, and too many people don’t bother installing all of them. Many of these updates fix security breaches and bugs, as well as providing the latest features. Sure, it’s hard to stay ahead of the hackers, but taking every step possible makes good sense.

#3 Change Your WordPress User Name

When you set up your WordPress account, you will get a default login username of admin. You need a good username with a strong password.

#4 Protect Yourself from Brute Force Attacks

You may not be aware, but almost every website receives more than a couple hundred unauthorized login attempts every single day and that includes your website. To guard against a brute force attack make sure you have put into place all of the suggestions. You can install the iThemes Security Pro plugin for WordPress to protect your site from these kinds of attacks.
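To see how many of those attempts your own site receives, you can count failed logins in the web server's access log. This is an added example, not part of the original article and not how iThemes Security Pro works internally: it assumes the Apache/nginx "combined" log format, relies on WordPress re-displaying the login form with status 200 after a failed login (a successful one redirects with 302), and uses constructed sample lines with documentation IP addresses. The limit and window values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    fmt = ('{ip} - - [10/Mar/2024:04:{m:02d}:{s:02d} +0000] '
           '"{req} HTTP/1.1" {st} 512 "-" "-"')
    post = "POST /wp-login.php"
    lines = [fmt.format(ip="203.0.113.7", m=0, s=i * 5, req=post, st=200)
             for i in range(8)]                      # 8 failures in 35 seconds
    lines += [fmt.format(ip="198.51.100.4", m=1, s=i, req=post, st=200)
              for i in range(2)]                     # 2 typos by a real user...
    lines.append(fmt.format(ip="198.51.100.4", m=1, s=30, req=post, st=302))
    lines.append(fmt.format(ip="192.0.2.9", m=2, s=0,
                            req="GET /wp-login.php", st=200))
    return lines


def flag_bruteforce(lines, limit=5, window=timedelta(minutes=5)):
    """Return {ip: failures} for IPs with more than `limit` failed logins
    inside any single `window`."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, stamp, method, path, status = m.groups()
        is_login = path.split("?")[0] == "/wp-login.php"
        if method == "POST" and is_login and status == "200":
            per_ip[ip].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start = worst = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            worst = max(worst, end - start + 1)
        if worst > limit:
            flagged[ip] = worst
    return flagged


if __name__ == "__main__":
    print(flag_bruteforce(sample_log()))
```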

#5 Monitor for Malware

You must be constantly monitoring your site for malware. iThemes Security Pro is a good solution for your WordPress site and it even has a free basic version, though the Pro version has many additional features.

Making Sure Your WordPress is Securely Installed

Often the One-Click installs offered by many web hosts don’t install the latest version of WordPress, so after installing it, check to see if it’s the latest version and then do an update if needed. Also check the default themes and plugins and update them if necessary.

The next thing you need to do is take care of security issues on your site. WordPress has a plugin called iThemes Security Pro (formerly Better WP Security), that lets you change certain WordPress features to make it more difficult for the hackers to gain access. Be sure to take advantage of this tool to give you the best chance at a secure WordPress site.

iThemes Security Pro will let you:

* Change the default ‘Admin’ username to something different
* Lock entrance to the admin at specific time periods
* Change your admin user ID from 1 to something different
* Ban users based on the IP addresses
* Automatically email your database backups to yourself
* Change the URL you use to login from wp-login to something different
* Change your WordPress directory files from wp-content to something different
* Change your database prefix from wp_ to something different
* Check the number of hits on 404 pages and lock the user out if they are excessive
* Track any file changes
* Limit the number of login attempts with the wrong password

And there’s more.

One of the easiest ways to get through a site’s security is with their password. Many don’t take the time to create solid passwords because they claim they take too much time, but compared to the time it will take you to attempt to rebuild your site, it seems like such a small price.

When you are creating a password:

* Every password should be at least 15 characters
* Every site should have a different password
* A password is strongest if it is not an actual word
* A password is strongest if it is a mix of special characters, lowercase letters, capital letters and numbers.

Regular Backups

The last thing you need to do is make sure you are taking regular backups of your site files and database(s). That way should the unthinkable happen, you will at least have a backup safely stored away, which will certainly reduce your stress.

One of the most popular plugins for doing this is called UpdraftPlus. This will create a backup and then upload that backup to Dropbox for safe keeping. You can also email that backup to yourself. That’s because the Dropbox plugin keeps only one backup, so sending to yourself allows you to keep many versions.

Get busy, add your plugin(s), change your passwords, make your backups and make your site as secure as possible.

It’s Easy to Protect Your WordPress Website Against Security Breaches

If you have a WordPress site, it is very important that you take at least the basic steps to ensure you are secure from hackers. This isn’t really ‘news,’ after all this has been known for a long time, yet still many people do not stop and consider website security when they are creating their sites. They don’t do any reading on the topic because it’s too technical and just plain boring, and far too often people think it won’t happen to them. Therefore, they also don’t do anything to protect their blog or site. The good news is that in under 30 minutes you can improve your security and not spend a cent.

#1 Change the ‘Admin’ Username

The default login for WordPress is ‘admin.’ The trouble is that most users just keep it that way, making it incredibly easy for hackers to figure out your user name. Now they are already half logged into your site. Change the ‘admin’ login into something new! Be sure to attribute your admin posts to your new user before deleting the admin user account.

#2 Create a Strong Password

Your WordPress is only as strong as your weakest link, and your password is often that weak link. Hackers use software that scrolls through hundreds of thousands of words looking for a match, which is why you should not be using a real word for your password. You should also not use a logical sequence of letters or numbers. So don’t use your pet’s name, your birthday, your phone number, etc. You can use a password generator to help you if you have trouble coming up with a strong password.

#3 Delete & Update

WordPress is known for being weak on security. The reality is WordPress is only insecure when the users do not keep it current. Any part of your website that isn’t running the latest version is always at a risk of being hacked. Hackers are constantly looking for vulnerabilities and if you aren’t staying current you are at risk. So make sure you are running the most current version of WordPress, installed plugins and themes.

#4 Limit the Login Attempts

Install a plugin that will limit the number of times a person can try to log in before the site shuts them down. iThemes Security Pro lets you do this. When you limit the number of times someone can try to access your site, you reduce the likelihood of being hacked.

That’s it – there’s plenty more so don’t stop after you’ve done these four things, but this is a great place to start.