Have you ever had a feeling that you didn’t turn off your iron or left the door unlocked? Most likely you have – you care about safety. And what about safety of your website, are you sure it’s protected? Lots of hazards await out there, make sure you got everything covered.
These are 8 tips which will help you do that.
1. Secure Hosting
The very foundation of your website. Some hosting providers may have vulnarabilitites which bring their customers to website hacks. There are many security breaches which you can prevent yourself, but you can’t take control of this one. The only thing which you can do is choose a secure hosting provider. Do a research, consider the comments, pick the most reliable provider – that’ll enhance your safety a lot. Keep in mind: a secure hosting is never the cheapest option, but always the best one.
Don’t use “admin” or “administrator” as your username. These are the most often used usernames in WordPress and they only simplify hacking process. So if you have them as your usename, change them immediately (for it might be at this very moment someone is trying to get an anauthorized access to your website). The fact is, according to the statistics about 74% WordPress websites are vulnarable to hacks because their owners didn’t change the usename they initially got.
3. Strong Password
Using passwords is known to be ancient. Cracking passwords has been known since that time, too. Remember: any password can be cracked, it’s just a matter of time.
In order to strengthen your WordPress password you can do the following:
1. don’t use one password twice
2. use both lower and upper case letters
3. use figures in your password
4. add some symbols
4. Secure plugins/themes
Choose secure sources for downloading free plugins and themes. Danger may be hidden in freebies if they are downloaded carelessly. Free themes may contain links on the footer that can’t be removed, viruses to harm your data and so on. If you need a free theme/plugin only, use wordpress.org. And if you want to get a great set of premium themes you may use such companies like Crocoblock.
5. Update everything
Admit that at least once you closed a window which said you were to update something. In WordPress you should update everything – themes, plugins, WordPress version. Using a new version is safer and better.
6. Use Security Plugins
- Captcha is a great plugin for defining whether or not a user is human
- Limit attempts limits access attempts and, when the limit is exceeded, blocks an IP of the user for a while. In case login attempts constantly repeat – it blocks the IP.
- Exploit scanner plugin finds suspicious code.
7. Change the database prefix
If you haven’t changed your database prefix yet and you have a default one ‘wp_’, most likely hackers potentially know your table names. An automated attack can read/write information to these tables. Change your default prefix and your website will have one hazard less.
8. Back up
Always back up. One day backing up may save your website’s life. No matter what happens to your site, it will be restored easily.
You can read more on backing up on a Crocoblock blog.
In case you have been hacked: don’t panic. You’ll have some work to do, but you can clean it up.
change all the passwords, including those for database and hosting
reinstall the latest version of WordPress
change all the secret keys in wp-config.php
export the old data base and clean it
after having exported, change all users’ passwords
import the data into the new WordPress
check your download destination so there are no unnecessary files
check every plugin and install their new versions using from wordpress.org
Afterwards, think how the hacker could have got into your website. You can request your hosting provider for an access journal – it should help you figure out what has happened.
Good luck and be safe!