Three quick tips to secure your WordPress website

With more and more businesses relying on their online presence to share information and generate sales (or donations), we thought it would be a good time to share a few quick and easy tips to help secure your WordPress site from hackers. 

Although WordPress was developed with security in mind and is considered a secure platform to run your website, no platform is 100% secure in today’s world. All sites are vulnerable. No matter how much time you’ve put into trying to protect your site, it can find itself in harm’s way, even when you have done nothing wrong. This is just how the internet works and how random attacks are carried out. Here are three steps you can take to minimize that risk: 

1. Limit Login Attempts

One of the most common attacks is a hacker, human or bot, trying to force their way through your login page by trying various username and password combinations until one works. This is called a brute force attack.

By default, there is no limit on the number of times that someone can try to log into your site. However, most legitimate users won’t need more than three tries, at most, if they mistype or forget their credentials. You can limit the number of login attempts made from a specific IP address within a set period of time to diminish the risk of a brute force attack. Any user who goes over the limit can be automatically locked out, helping to deter attacks. 

One of the best ways to control login attempts is with a WordPress plugin. Two popular options are Limit Login Attempts and Login Lockdown, both of which are free. Using one of these plugins may help prevent a hacker from succeeding. 
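To show what such a limit does behind the scenes, here is a small sketch of the per-IP counting and lockout logic. It is an example added here, not code from WordPress or from either plugin; the three-try limit comes from the tip above, while the 5-minute window, the 20-minute lockout and the sample IP addresses are assumptions.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Per-IP limiter: max_failures failed logins within `window` seconds lock the IP out."""
    def __init__(self, max_failures=3, window=300, lockout=1200):  # timings are assumptions
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._locked_until = {}              # ip -> time at which the lockout ends

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is not None and now >= until:
            del self._locked_until[ip]       # lockout has expired
            return False
        return until is not None

    def record(self, ip, success, now):
        """Process one attempt at time `now` (seconds); return 'ok', 'failed' or 'locked'."""
        if self.is_locked(ip, now):
            return "locked"                  # refused, even if the password was right
        if success:
            self._failures.pop(ip, None)     # this example's choice: success clears history
            return "ok"
        recent = self._failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
            recent.clear()
            return "locked"
        return "failed"

# Constructed sample events: (time in seconds, IP, did the password match?).
EVENTS = [
    (0, "203.0.113.7", False),
    (5, "203.0.113.7", False),
    (9, "203.0.113.7", False),     # third failure inside the window: lockout starts
    (12, "203.0.113.7", True),     # correct guess, but the IP is still locked out
    (20, "198.51.100.4", False),   # a real user mistypes once...
    (40, "198.51.100.4", True),    # ...then logs in normally
    (1300, "203.0.113.7", True),   # the 1200-second lockout has ended
]

def replay(events):
    limiter = LoginLimiter()
    return [limiter.record(ip, ok, t) for t, ip, ok in events]

if __name__ == "__main__":
    print(replay(EVENTS))
```

The fourth event is the one that matters: once an IP is locked out, even a correct guess is turned away until the lockout ends.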

2. Use Strong Passwords

When choosing a password for your WordPress site, make sure it is strong. The best way to do this is to use a mix of uppercase and lowercase letters, numbers, and symbols. Your password should also be a minimum of twelve characters long. 

I know you’re thinking, “That is a lot of characters! How will I remember them, especially when I should have a different password for every site or login I have?” We highly recommend using a password manager like LastPass for just this reason. If you don’t want to create your own unique 12-character password, WordPress has a built-in password generator, which is very helpful. 

To put the value of a 12-character password in perspective, here are some stats that I got from a recent three-day webinar held by iThemes:

  • A 7-character password will take .29 milliseconds to crack.
  • An 8-character password will take 5 hours to crack.
  • A 9-character password will take 4 months to crack.
  • A 10-character password will take 1 decade to crack.
  • A 12-character password will take 2 centuries to crack.

Those numbers should give you that extra incentive to add a few more characters next time you need a password. Also, it’s a good idea to change your passwords often to help decrease a hacker’s chance of infiltrating your site. This doesn’t mean once a week or anything crazy, but try making this a quarterly task on your to-do list. 

3. Keep Your Software Updated

Just like with most software products, every once in a while bugs or holes are discovered in the WordPress platform, so it is important that you update often to protect your site from an unwanted attack. This includes core updates to WordPress as well as theme and plugin updates. Those updates aren’t always about offering new features; they often also contain security patches. 

Failure to update themes and plugins has become the number one reason WordPress sites get hacked. Once a known weakness has been detected, bots will search the internet looking for sites running the older versions of software to attack. 

Another good practice, while you are updating your software, is to delete any unused themes and plugins that you have loaded, so that they don’t become a vulnerability or security breach point as well.

With these three relatively easy and quick tips, you are taking a big step toward keeping your WordPress website secure. Every precaution you take makes it harder for a hacker to break in and easier for you to focus on the more important things … like your business.
