When I first started blogging, whenever I heard people talking about “hackers”, I shrugged it off. Who would want to hack my measly little blog? So I continued trucking along with my handful of followers. Then I got hacked… and it was a nightmare.
A few months later, still a WordPress novice, I decided to make some updates to my site. Somehow, I crashed the whole thing… another nightmare.
You don’t need to be a WordPress professional to protect yourself from being hacked or from a technical slip-up wiping out your site. Here are a few simple steps you can take:
Change your login name
The default “admin” login name is the easiest thing for hackers to utilize, since there is no guesswork as to what your username is. Avoid using your name as well if you can help it; try a creative combo of letters and numbers.
Set a strong password
Don’t be one of the easy “password1” targets. Come up with a strong password, consisting of letters, numbers, and even special characters to ensure it’s not an easy entrance for hackers.
Keep your site clean
Not using a plugin anymore? Delete it. Afraid you’ll forget the name of the plugin? Keep a list somewhere.
Limit WordPress Authorization
As with Twitter and Facebook, quite a few sites and apps let you authorize them to access your WordPress account. While I do have a few apps that I allow this for (to share posts on FB and also to automate some tasks), be sure you only grant access to platforms you trust. Remember, if they get hacked, you can get hacked.
Complete updates right away
Using an old version of WordPress puts you at a higher risk. WordPress doesn’t come out with updates for new features alone. Oftentimes, updates include additional security features. The same goes for plugins – if you see an available update, take the time to do it.
Here are two great plugins you can use to help protect your site:
- Limit Login Attempts: By default, WordPress allows for unlimited login attempts. This makes it easy for hackers to get in using “brute force”. This plugin will limit the number of attempted logins, making your site a little safer.
- Wordfence: This is a new one I just stumbled upon, but according to the description it “includes a firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers”. It also claims to be the only plugin that can repair your site even without backups. Definitely worth checking out.
To back up, go to Tools in your WordPress sidebar and select Export. If it is your first time exporting, it will ask you to install a plugin. Select the WordPress option and install. Once you’ve done that, back in the export area check “All content” and then click on the “Download Export File” button. I typically do this weekly and save the most recent one on my desktop, and delete the previous one. The frequency is totally up to you (I know people who do it daily, or just after they add content). There are plugins out there that can automate this for you, but since it’s just a few easy steps, I don’t mind doing it on my own.
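A check you could run on each new export before deleting the previous one, added here as an example and not part of the original post: it confirms the download is complete, well-formed WordPress export XML and that it holds at least as many posts and pages as the last backup. The function names and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# wp:* elements in an export file live in a namespace starting with this prefix.
WP_NS_PREFIX = "http://wordpress.org/export/"

# Constructed sample export, trimmed to the elements this check reads.
SAMPLE_WXR = """<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:wp="http://wordpress.org/export/1.2/">
<channel>
  <title>Example Blog</title>
  <wp:wxr_version>1.2</wp:wxr_version>
  <item><title>Hello</title><wp:post_type>post</wp:post_type><wp:status>publish</wp:status></item>
  <item><title>Draft idea</title><wp:post_type>post</wp:post_type><wp:status>draft</wp:status></item>
  <item><title>About</title><wp:post_type>page</wp:post_type><wp:status>publish</wp:status></item>
</channel>
</rss>"""


def summarize_export(xml_text):
    """Return {'wxr_version': str, 'counts': {post_type: n}} or raise ValueError."""
    # Intended for your own export file; use a hardened parser for untrusted XML.
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"export is not well-formed XML (truncated download?): {exc}")
    channel = root.find("channel")
    if root.tag != "rss" or channel is None:
        raise ValueError("not a WordPress export: missing <rss><channel>")
    version, counts = None, {}
    for el in channel.iter():
        if not el.tag.startswith("{" + WP_NS_PREFIX):
            continue
        local = el.tag.split("}", 1)[1]
        if local == "wxr_version":
            version = (el.text or "").strip()
        elif local == "post_type":
            kind = (el.text or "").strip()
            counts[kind] = counts.get(kind, 0) + 1
    if version is None:
        raise ValueError("not a WordPress export: no wp:wxr_version element")
    return {"wxr_version": version, "counts": counts}


def safe_to_replace(new_xml, old_xml):
    """True if the new export parses and has at least as many posts+pages as the old."""
    keep = ("post", "page")
    new, old = summarize_export(new_xml)["counts"], summarize_export(old_xml)["counts"]
    return sum(new.get(k, 0) for k in keep) >= sum(old.get(k, 0) for k in keep)
```

The export file covers content only (posts, pages, comments, categories, tags); theme, plugin and uploaded media files are not inside it and need their own copy.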
The majority of bloggers do not get hacked, but it can, and does, happen regularly, so it is important to protect your site as best as you can, and, at the very least, keep regular backups.
What do you do to protect yourself from hackers? Have you ever been hacked?