If you're running a WordPress web site then chances are you have been the victim of hacking or spamming. Protecting your WordPress web site really comes down to a few key areas, as detailed by WordPress:
Limiting Access
Reduce the number of entry points that a hacker could use.
Containment
Your WordPress web site should be set up so that any damage that could be caused is limited should your web site be compromised.
Preparation & Knowledge
Keep regular backups of your site & be sure to know the status of your WordPress installation. This will make restoration of your web site much easier should something happen.
Update Update Update
This is possibly the golden rule for keeping your WordPress web site secure. Each new release from WordPress contains new features but also bug & security fixes. Many hackers will look to target out-of-date WordPress installs. Keep checking your WordPress dashboard to see when a new version is available.
The WordPress dashboard will also notify you when your plugins have available updates. It's equally important that these are kept up to date. An out-of-date WordPress plugin can pose a security risk to your site.
Professional Hosting
Having a secure web site host is just as important as keeping your WordPress site up to date. Don't always settle on the cheapest hosting; choose a host that has experience of hosting WordPress web sites & has security measures in place on their server to limit the ability of hackers to attack your web site.
Weak Passwords
This is something that we come across a lot. Whether it's for your WordPress site, email, PC or any other login, make sure you use a secure password. Use a password generator such as Secure Password Generator. OK, so the password might not be easy to remember, but when hackers use a brute force attack to try and compromise your site, they will have a much harder job.
A brute force attack is when a hacker uses combinations of usernames & passwords to gain access to your site. Having a password such as 123456 will make a hacker's life simple; having a secure generated password such as a!;G(@K8:d3#92v will make their life a lot harder.
Don't Use Admin As Your Username
Following on from using a secure password, don’t use Admin as your username. This is the first port of call for any hacker to try when trying to hack your WordPress web site.
Keep Regular Backups
All good web hosting providers will back up your site, so that should the worst happen, your site can easily be restored. If you're not sure whether your host is backing up your web site, you can easily install a plugin on your WordPress site that will enable you to do this yourself.
Hide Your Username
When publishing blog posts, WordPress will display your username as the “author name” by default. This can be prevented by logging into your WordPress dashboard, selecting the Users menu item, creating a Nickname for your user account, and setting this to display instead of your real username.
Avoid Free Themes
Free themes are great if you're building a site yourself and on a budget. But free themes often contain extra code that can insert spam links and other unwanted nasties into your WordPress web site. Only use themes that are from trusted sources and developers.
Use A Good Security Suite
There are some great security plugins available for WordPress that act like an antivirus and anti-hacking system for your site. They can help to prevent common types of attacks and protect your site from hackers. These security packages provide a huge range of security features and most are made with a novice user in mind, with easy configuration options and good explanations. As with any security suite, be careful with what you do & make sure to back up your site before you make any major changes.
Use Captcha On Your Forms
Captcha stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. Essentially it's a system that can check if a form is being filled in by a human or a computer. Not having Captcha on your forms will mean that you will end up with spam bots targeting your forms, and your inbox being full of spam. Captcha is a must on any login form for the site; this will prevent bots from trying to log in with fake details. There are some great Captcha plugins out there, and any good form solution for WordPress will have the ability to easily add Captcha to your forms.
Don't worry. All of this may seem a little scary to a novice WordPress user, but these tips will help you to better secure your website and prevent any unwelcome visitors taking down your website & causing you a WordPress headache.
There are some other good resources on the WordPress web site that help you to better understand and secure your site; check out Hardening WordPress.