How to Keep Your WordPress Site Secure From Hackers

You need to change your WordPress login information.

Now.

The world is a scary place. It’s important to remember that not all the mayhem is physical.

Right now, there are hackers trying to get your information from your website.

There were more than 1 million hacking attempts on April 11, 2013.

That’s right, one million.

We’ve all heard warnings about internet safety for years. But in the last few weeks, internet hacking attacks have increased and thousands of sites have already been compromised. 

There were more than 1,000,000 scans/hacking attempts on April 11, 2013. Sucuri just published an in-depth blog post on the details of the hacks that is well worth reading.

The Battle of the Botnets is just beginning.

Hackers are using botnets (a series of networked, compromised computers) to try to gain access to websites all over the world. Once a clean computer is compromised, it joins the “dark side” as a new recruit in the botnet army. Hackers can have their wicked way with your site, uploading files, changing content, and injecting malware…all without your knowledge.

How are they getting in? The way into your website is by figuring out the username/password combination.

Remember trying to figure out a combination lock the hard way as a kid? At first it was fun, but after a while, you gave up. The botnets don’t give up. They just keep trying.

Every time a botnet tries to log in, it uses your server’s resources. When thousands of botnets are trying to log in at the same time, it can mean serious trouble. Your site performance can slow down, causing headaches for everyone. Additionally, people have had their sites suspended because of the load on the server.

You should not take this threat lightly.
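An added example, not part of the original article: a Python script showing how the login attempts described above appear in a web server access log, and why counting per IP address alone misses a botnet. It assumes combined-log-format lines and WordPress's standard login endpoint `/wp-login.php`; the sample log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format: client IP, timestamp, method, path, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def login_attempts(lines):
    """Yield (minute, ip) for each POST to the WordPress login form."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield when.replace(second=0), ip

def analyse(lines, per_ip_limit=5, per_minute_limit=20):
    """Return (noisy_ips, distributed): single hammering hosts, and minutes
    where many individually quiet hosts together exceed per_minute_limit."""
    per_ip, per_minute = Counter(), defaultdict(Counter)
    for minute, ip in login_attempts(lines):
        per_ip[ip] += 1
        per_minute[minute][ip] += 1
    noisy = {ip for ip, n in per_ip.items() if n > per_ip_limit}
    distributed = {}
    for minute, ips in per_minute.items():
        quiet = {ip: n for ip, n in ips.items() if ip not in noisy}
        if sum(quiet.values()) > per_minute_limit:
            distributed[minute.strftime("%Y-%m-%d %H:%M")] = len(quiet)
    return noisy, distributed

def sample_log():
    """Constructed sample: one visitor, 30 bots with one try each, one loud bot."""
    fmt = '{} - - [01/Jan/2024:{} +0000] "{} HTTP/1.1" 200 512'
    lines = [fmt.format("192.0.2.10", "10:14:02", "GET /")]
    lines += [fmt.format(f"203.0.113.{i}", f"10:15:{i:02d}", "POST /wp-login.php")
              for i in range(1, 31)]
    lines += [fmt.format("198.51.100.7", f"10:16:{s:02d}", "POST /wp-login.php")
              for s in range(8)]
    return lines

if __name__ == "__main__":
    noisy, distributed = analyse(sample_log())
    print("IPs over the per-IP limit:", sorted(noisy))
    print("Minutes with a distributed burst (minute -> distinct IPs):", distributed)
```

On the constructed sample, the single loud address is caught by the per-IP limit, while the 30 addresses that each try once are only visible through the per-minute total.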


What you can do to protect yourself from hackers.

There are a few things you can do to keep your WordPress site secure from hackers. I recommend starting them as soon as possible.

  • Change your username / account (avoid the “admin” and “administrator” usernames)
  • Change your passwords

1. Change Your Username / Account

If your username is still the default “Admin”, I would suggest changing it. Right now. Most of the attacks are happening to accounts using this name. Simply changing it will increase your protection.

Here’s how you do it:

  • Log in to your WordPress admin panel using your admin account.

  • Select the “Users” area from your dashboard sidebar.
    • Click on “Add New User”.
  • Fill in the form and choose “administrator” in the “Role” drop-down menu. You will need to use a different email address than the one currently linked to your website.
    • When finished, click on “Add New User”.

  • Log out of WordPress.
  • Log in again, this time with your new WordPress admin username.
  • Navigate back to the Users area.
  • Delete the previous Admin account.
    • Next, you will be asked about the articles posted under the previous “admin” username.
    • Select the option “attribute all posts and links to:” and select your new username.
    • When ready, click “Confirm Deletion”.

It’s important to use common sense when you are choosing your display name. Make sure that it is different than the username. This is important for all users but exceptionally so for those with admin power. 

2. Choose a secure password

Some important information on passwords from Zone Alarm.

As you can see, there are only so many combinations in the world. Unfortunately, most people pick the same ones because they are too lazy to make something original. If any of your passwords are on the above list, or on the list of the 25 most common passwords of 2012, change them now.

Your new password should contain:

  • Numbers
  • Symbols
  • Lower and upper case letters

It will also help if your combination is longer than 12 characters. Think of your password like a Rubik’s cube; you want to make it as hard as possible for the botnet army to crack.

If the thought of remembering 12-character passwords makes you cringe, don’t. You can use a password vault so you only have to remember one secure password. Here are a few that will help keep your passwords secure:

I think my site has been compromised. Now what?

The first step is to do a quick scan to see if that’s really the case.

Sucuri offers a free site scan. It’s not 100% accurate, but if your site has been compromised, chances are that Sucuri will be able to tell.

Talk to your hosting company

Not all hosting companies are created equal.

A good hosting company will provide:

  • Additional security
  • De-hacking help
  • Automatic website backup

Those are three of the services that Author Media provides for hosting clients.

If you find out that you have been hacked, call your hosting company. If you cannot get hold of them, or you are self-hosting, call another hosting company (you can call Author Media).

Go through the above steps (changing your passwords!) if you haven’t already.

Hopefully, you will never have to go through the experience of having a hacked website.

It’s your turn. Have you ever been hacked? What do you do to keep your website secure?

Is WordPress Safe?

Yes! WordPress is a very secure content management system. But even the most secure bank can be broken into if the front door is left unlocked.