Lots of WordPress users still don't pay enough attention to security. Owners of big, well-known websites are often so focused on content that they forget to protect the blog properly. Predicting the future is hard, but in this case we can say without any doubt that some day they may be very surprised, and unfortunately not pleasantly. Hackers are a problem for smaller blogs too: to an automated bot your popularity isn't important, it just wants to use your website for its own (often unpleasant for you) purposes. So, no matter whether your blog is very popular or not, you should be aware of the consequences of an irresponsible attitude to WordPress security.
An appropriate login and a safe password
The most trivial aspects are, as always with trivial things, the most ignored: an appropriate login and a safe password. Being "admin" is something highly… risky (to avoid the word stupid). "Admin" is the default username and many users don't change it. The main reason is obviously laziness, but in some cases people just think there's no need to set a new login because the default suggestion is the best. Nothing could be more wrong! "Admin" is the first word that comes to a hacker's mind (for the reasons mentioned above). So, setting "admin" as your login is like saying yes to the question "do you want to be hacked?". If you are "admin", don't hesitate: change it as soon as possible.
The situation with the password is similar. In contrast to the login, WordPress doesn't suggest anything, so users must think a little. Unfortunately, in many cases they follow the conviction that the best password is the simplest to remember, and they choose something as bright as "123", "password123" or "admin1". This needs no comment, I suppose. Obviously, the aim isn't to mock anyone, but it's necessary to be really aware of the password's importance. There is one piece of advice: the less obvious, the more unique, and the more unique, the better. If you are in charge of plenty of passwords or you have trouble remembering them, use LastPass. Never let your browser remember the password on your behalf! Always decline this kind of prompt.
To have more control, install Login LockDown. This plugin lets you set the number of login attempts allowed from one IP address. If someone exceeds the limit, WordPress will block further attempts. It's also necessary to remember the FTP password. Changing it frequently (for example once every few months) is a really good habit. It can protect you from an unwanted attack.
Make backups as often as you can. Keeping your blog's content in another place (somewhere other than your website) is the best protection, and it assures you that the results of your work won't disappear. Use WP DB-Manager. It's a great helper: this plugin will make a backup regularly (as often as you set it to). WP DB-Manager also offers to send backups via e-mail. Really useful.
Don't neglect upgrading
Regular upgrading is a necessity. A new version doesn't just give you new functions. First of all, it fixes the previous programming flaws and bugs. So, don't neglect the upgrade alert and try to stay up to date: follow the WordPress News. And if you don't use some plugin, just delete it.
Use security plugins
Consider installing security plugins. Here are some examples:
- WordPress Simple Firewall
- iThemes Security (formerly Better WP Security)
- SmartFilter Security
- BulletProof Security
A little more advanced: setting up the .htaccess file
The .htaccess file is a special file that makes local changes to the way the server operates, according to the directives contained in this configuration file.
A correctly configured .htaccess file changes the server defaults within the directory where it is placed and in its subdirectories. Further .htaccess files can be placed in the subdirectories, thereby changing the settings for each folder.
For more precise information, read the .htaccess tutorial.
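As an added example (not part of the original post), the two files below show that layering: one .htaccess in the WordPress root and a second one in wp-content/uploads that tightens the rules for that folder only. It assumes Apache 2.4, a standard WordPress directory layout, and a host that allows these overrides (AllowOverride covering Options and AuthConfig).

```apache
# ---------------------------------------------------------------
# File 1: /.htaccess  (WordPress root)
# Applies to this directory and every subdirectory below it.
# Place these lines outside the "# BEGIN WordPress" block, which
# WordPress rewrites on its own.
# ---------------------------------------------------------------

# Do not show a file listing when a folder has no index file.
Options -Indexes

# Block direct web access to the configuration file
# (it holds the database credentials and secret keys).
<Files "wp-config.php">
    Require all denied
</Files>

# Block web access to .htaccess / .htpasswd files themselves.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# ---------------------------------------------------------------
# File 2: /wp-content/uploads/.htaccess
# Adds stricter rules for the uploads folder and its subfolders
# only; the root rules above still apply here as well.
# ---------------------------------------------------------------

# Uploads should contain media, never scripts: refuse to serve
# any PHP file from this directory tree (case-insensitive match).
<FilesMatch "(?i)\.(php|phtml|phar)$">
    Require all denied
</FilesMatch>
```

After saving the files, request `/wp-config.php` and a test `.php` file under `/wp-content/uploads/` in a browser; both should return 403 Forbidden while the rest of the site loads normally.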