
WordPress is open source CMS software, and as such a WordPress powered website can be attacked by hackers who exploit known security holes, or who simply take advantage of the default settings of a standard installation.

Once your website has been hacked into, it can take some hours to restore it if you have made recent and complete backups. If you haven’t put a backup strategy in place, check with your host to see whether they’ve made automatic backups for you. If so, they would be able to restore your blog/website, and they will likely charge you a fee for the service.

In order to make your WordPress website more secure, review the following tips and implement as many of them as possible:

1. Keep your WordPress core files and plugins up to date

Install or upgrade to the latest stable version of WordPress. You’ll see a notice in the dashboard inviting you to upgrade WordPress and/or your plugins whenever newer versions exist.

2. Only install and use themes and plugins from trusted sources

A plugin runs with full access to your site and can take over your blog. Check reviews from other users before you install and activate an exotic plugin.

3. Use Secret Keys in wp-config.php

There is a section in wp-config.php that starts with the comment “Authentication Unique Keys and Salts.” If you haven’t put unique key phrases there, you can generate them by visiting this URL: https://api.wordpress.org/secret-key/1.1/salt/

4. After a fresh installation, log in, create a new user with administrator privileges and delete the default ‘admin’ account

Hackers typically start by trying to break in through the default ‘admin’ account.

5. Make the password of the new administrator account very hard to guess

I would recommend the use of LastPass to generate and manage passwords for you.

6. Keep the number of user accounts with administrator privileges to a minimum

Give everyone else a less privileged role such as author, contributor or editor.

7. Put an empty index.html file in every folder that doesn’t have an index.php or index.html file

Connect to your host with an FTP client and browse through the folders of your WordPress installation. Wherever there is no index.php or index.html file, just drop an empty index.html file there. This prevents the web server from showing a listing of the folder’s contents in the browser.
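The same check and fix as a script, which is an added example and not part of the original post. It assumes you have shell access to the host (e.g. over SSH) rather than only an FTP client; the sample directory tree it builds is constructed for the demonstration and is not a real WordPress install.

```shell
#!/bin/sh
# Added example, not from the original post. Every directory under the
# WordPress root that has neither index.php nor index.html gets an empty
# index.html, so a server with directory listing enabled shows a blank page
# instead of the file list. Caveat: this only hides the listing; it does not
# restrict access to files whose names an attacker already knows.

# Print each directory under $1 that still has neither index file.
unprotected_dirs() {
  find "$1" -type d | while IFS= read -r dir; do
    [ -e "$dir/index.php" ] || [ -e "$dir/index.html" ] || printf '%s\n' "$dir"
  done
}

# Create an empty index.html in every unprotected directory under $1 and
# print the path of each file created.
add_index_files() {
  unprotected_dirs "$1" | while IFS= read -r dir; do
    : > "$dir/index.html"          # empty file, nothing to disclose
    printf '%s\n' "$dir/index.html"
  done
}

# Constructed sample tree (not a real install): WordPress-like folders, three
# of which (wp-includes, uploads, uploads/2024) have no index file at all.
# Prints the temporary root it created.
make_demo_tree() {
  root=$(mktemp -d)
  for d in wp-admin wp-includes wp-content wp-content/plugins \
           wp-content/themes wp-content/uploads wp-content/uploads/2024; do
    mkdir -p "$root/$d"
  done
  for d in . wp-admin wp-content wp-content/plugins wp-content/themes; do
    printf '<?php // placeholder index\n' > "$root/$d/index.php"
  done
  printf '%s\n' "$root"
}

# Usage on a real site: unprotected_dirs /path/to/wordpress   (audit only)
#                       add_index_files /path/to/wordpress    (audit and fix)
# Demo run: demo=$(make_demo_tree); add_index_files "$demo"; rm -rf "$demo"
```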

8. Force SSL encryption if your host allows it

Last one

Another tip that I don’t necessarily count among the measures that prevent hacking, but which is crucial, is to make complete backups of your website regularly.

Photo credit: mikerawlins
