Are you scared after reading the title?
If not, you should be, because your blog can literally be hacked by tomorrow if you don't deal with the basic security issues of your WordPress blog. The only reason I am writing this article is to alert you to the rise of online crime, hacking in particular, and to help you keep your online assets out of the hands of unauthorized persons. Here is a screenshot of what has been going on with my blog for the last several days.
Yes, these are lockout notifications from my blog, and they indicate failed hacking attempts. A site can be hacked in various ways, such as SQL injection, cross-site scripting, clickjacking, DNS cache poisoning, remote code execution and more, and a DDoS attack can be used to take your site down. The good news is that WordPress reduces the chances of getting hacked via the above methods because of its frequent updates. Still, your site can be hacked if you don't take the initial steps to protect it from unauthorized persons. Below I have listed 9 simple and very important steps to make your site highly secure and almost impossible for hackers to get into. However, you must keep in mind that hackers are among the most skilled groups in the online community. Even big tech giants like Yahoo, Sony and Facebook have been hacked. Here are the 9 steps to make your site highly protected:
#1. Reliable Hosting Server
If your hosting server is not reliable, you are in an ocean of danger. No matter how many precautions you have taken for your WordPress blog, if your server's security is weak, any average hacker can get access. So, if you think your hosting server is not reliable, I suggest you start securing your site by changing its hosting provider. Here are some qualities of a reliable server:
- Uses up-to-date server hardware.
- Managed by real experts.
- Automatic server backups enabled.
- Able to detect DDoS attacks.
- Quick customer support in case of emergency.
#2. Stay Updated
Not staying updated is the biggest reason WordPress blogs get hacked. WordPress itself, along with its themes and plugins, releases new updates constantly. In order to stay safe you must keep all your plugins and themes updated along with the WordPress core. Old versions of the CMS, plugins and themes may contain security holes that become the hacker's doorway into your WordPress blog. Therefore: "Always Stay Updated".
#3. Say No to FREE
I know it's quite hard to say NO to free products, especially for newbies, but in order to raise your safety level you need to do it. Most free plugins and themes are not updated for a long time. Besides, some are created by hackers to trap you. I am not saying all free themes and plugins are bad, but you must check the validity and authenticity of free plugins and themes before using them. For me it's better to go with premium. I prefer premium products for 2 major reasons. Firstly, they are safe and keep me ahead of many other people (as most people are not using premium products), and secondly, I can get any type of support on demand.
#4. Selection of Username
Do you know what the most used username on WordPress blogs is? Yes, it is "admin". Perhaps you are also using it as your login username. If so, you are among the 70% of WordPress blog owners who are at risk of getting hacked. Therefore, I strongly recommend that you avoid using "admin" as your blog's username. Ohh sh*t! You already did it on your existing blog, and the username cannot be changed by default. Here is the simple solution: install the Username Changer plugin and change your username. Isn't it very simple? By the way, if you don't want to slow down your site by installing so many plugins, remove this plugin after changing your blog's username.
#5. Password Protection
Password is a buzzword in the arena of security. Here are some quick tips from my point of view to make your password stronger than ever:
- Make your password 12+ characters long
- Use both lower case and upper case letters
- Mix in numeric values
- Include special signs such as (, %, &, #, @ etc.
- Avoid using any kind of name or date
- It's better to avoid dictionary words as well
Here is an example of strong password: G0me&ui@%H7oo
If you want a strong password that is easy to remember, you can go for a sentence-based password with complex characters, such as: YouGot78%of$2500
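As an added example (my own code, not from the post or any WordPress plugin), here is a checker that applies the six rules above to a password and reports which ones it breaks; the small word and name lists are constructed stand-ins for real dictionaries, and the date patterns are an assumption about what "date" means here.

```python
import re

# Constructed stand-ins for a real dictionary and a list of common names
# (assumption: a real deployment would load full word lists instead).
COMMON_WORDS = {"password", "welcome", "dragon", "summer", "qwerty", "letmein"}
COMMON_NAMES = {"john", "mary", "david", "sarah", "admin", "wordpress"}
SPECIALS = set("(%&#@!$^*)-_=+[]{};:,.<>?/|~`")
# Assumed date shapes: a 19xx/20xx year, or dd/mm/yy(yy) with . - or / as separator.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")


def password_weaknesses(pw: str) -> list:
    """Return the rules from the post that the password breaks (empty = strong)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.islower() for c in pw) or not any(c.isupper() for c in pw):
        problems.append("missing lower or upper case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no numeric values")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special sign")
    low = pw.lower()
    if any(name in low for name in COMMON_NAMES) or DATE_RE.search(pw):
        problems.append("contains a name or date")
    # The word list holds only longer words, so short connectors in a
    # sentence-based password ("You", "of") are not penalised.
    if any(word in low for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    return problems


def is_strong(pw: str) -> bool:
    """True when the password satisfies every rule listed in the post."""
    return not password_weaknesses(pw)
```

Both of the post's example passwords pass every rule, while something like "admin2019" fails four of them at once.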
#6. Login URL
The default login URL of a WordPress blog is "yoursite.com/wp-admin", which is pretty easy to find out. It's better to change your default login URL, which gives you an extra layer of safety. To do this, simply install the Rename wp-login.php plugin and change your login URL to whatever you want from the Permalink section of the Dashboard.
#7. IP Lock Down
This step is very effective and essential to keep your WordPress blog safe from average and advanced hackers alike. Use the All In One WP Security plugin for this purpose. The plugin blocks an IP address after it has used a wrong username and password several times, based on your settings. It also notifies you via email when someone tries to log in with a wrong username and password, just like the screenshot of my email inbox above.
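To show what the lockout rule actually does, here is an added example in Python (my own code, not the plugin's) that replays a constructed set of login attempts and produces the same kind of lockout notifications the post describes; the record format, the IP addresses and the thresholds (3 failures in 5 minutes, 60-minute lock) are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed login-attempt records, as a lockout plugin might log them:
# (timestamp, source IP, username tried, succeeded?). Not a real log.
ATTEMPTS = [
    ("2024-05-01 10:00:01", "203.0.113.7", "admin", False),
    ("2024-05-01 10:00:04", "203.0.113.7", "admin", False),
    ("2024-05-01 10:00:09", "203.0.113.7", "administrator", False),
    ("2024-05-01 10:00:15", "203.0.113.7", "admin", False),
    ("2024-05-01 10:02:00", "198.51.100.4", "editor", False),
    ("2024-05-01 10:02:30", "198.51.100.4", "editor", True),
    ("2024-05-01 11:30:00", "192.0.2.9", "admin", False),
    ("2024-05-01 11:45:00", "192.0.2.9", "admin", False),
    ("2024-05-01 12:00:00", "192.0.2.9", "admin", False),
]


def lockout_decisions(attempts, max_failures=3, window_minutes=5, lock_minutes=60):
    """Replay attempts in order; return (blocked, notifications).

    blocked maps IP -> lock expiry for IPs that failed max_failures times
    within window_minutes. notifications are the emails that would be sent.
    """
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    tried = defaultdict(set)       # ip -> usernames tried since last reset
    blocked, notifications = {}, []
    for ts, ip, user, ok in attempts:
        now = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if ip in blocked and now < blocked[ip]:
            continue  # still locked out: the attempt is refused, not counted
        if ok:
            failures[ip].clear()
            tried[ip].clear()
            continue
        recent = failures[ip]
        recent.append(now)
        tried[ip].add(user)
        while now - recent[0] > window:
            recent.popleft()  # failures older than the window no longer count
        if len(recent) >= max_failures:
            blocked[ip] = now + timedelta(minutes=lock_minutes)
            notifications.append(
                f"Lockout: {ip} locked until {blocked[ip]:%H:%M} after "
                f"{len(recent)} failed logins trying {sorted(tried[ip])}")
            recent.clear()
            tried[ip].clear()
    return blocked, notifications
```

Only the first address gets locked: the second one logs in successfully after a single miss, and the third spreads its failures too far apart for the 5-minute window, which is why the window setting matters as much as the failure count.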
#8. Captcha Protection
Although captcha protection seems very common to some people, it plays a vital role in saving your WordPress site from automated dictionary attacks and brute force attacks. It's good practice to use a captcha on your login page. You can use any captcha plugin from the WordPress plugin directory, such as Captcha by BestWebSoft, to add an extra security layer to your WordPress blog.
#9. Comment Section Protection
Some of you may think there is no need to look at the comment section for security purposes. For your kind information, a website can be hacked with a single comment as well. So there is no reason to keep that door open for hackers. I highly recommend using the Akismet plugin to block spam comments. If you don't want the hassle of approving every comment yourself, you can set up some kind of human verification in the comment section. I suggest taking the hassle on yourself rather than passing it on to your readers.
Time for action:
It seems you have completed your master's in securing your lovely WordPress blog. But just reading this article cannot save your blog from the aggressive hands of hackers. You must take the actions mentioned above. If you are still confused by any of the above security steps, let me know in a comment. Never ever hesitate to speak your mind.