How to prevent my WordPress site from being hacked.
Do you have a WordPress site that has outdated plugins and themes or are you sill using the default username? If so you may need to ask yourself how to prevent my WordPress site from being hacked.
One of the most common security issues when it comes to WordPress is that website owners still use the default username that was allocated during the set up. Usually Admin or User is the top choice when creating a new install.
The number one priority upon setup completion should be to create a new user, choose a username that contains upper and lower case characters and then assign a tough to crack password then delete the original user altogether.
I know this sounds completely obvious but it is amazing how many thousands of WordPress websites still have weak usernames and passwords making it incredibly easy for a Botnet to gain access and compromise your site.
By using a default username such as admin, you are leaving the door to your website half open to hackers.
Update your themes, plugins and install the latest version of WordPress.
The next common security flaw a website owner neglects to identify is that out of date versions of WordPress, themes and plugins leave gaping holes in your website. One of the main reasons why the WordPress platform is updated so often is because there are security issues where hackers have found weaknesses in the software and have managed to overpower a website.
If you are reading this and are wondering how to keep your entire WordPress website up to date, take a look at the diagram below. When anything needs upgrading to a new version there is an indicator situated on the black bar across the top of your admin panel that contains two circular arrows and will have a number next to it to tell you how many updates are required.
Its a simple process, just click the arrows and select the plugins or software that is listed and the site will work its own magic from there.
Click on the image below to enlarge
Remove unused themes
Did you know that just because a theme is not active it doesn’t mean to say it is not a security vulnerability? I read last year when millions of WordPress sites came under a brute force attack that one website owner who had over ten websites hosted on her server had her website compromised.
Upon investigation it turns out that the intruder was able to use an unactive theme that was out of date as the gateway into her site. From there they managed to take over her server resulting in hundreds of thousands of files had to be deleted from the server in order to clean it up and she lost everything because she had failed to create a backup.
Finally, there are so many free security plugins available to install that will help keep your site safe. It takes just a few minutes to install one and to get you started, this is the plugin from Bullet Proof I use to keep my site free from unwanted intruders.
Its best to ask yourself the question – How to prevent my WordPress site from being hacked rather than having to ask yourself how to get control back of your hijacked site.