Scott Monty - Strategic Communications & Leadership Advisor

Security for your WordPress site

[Note: the following is a guest post.]

There are plenty of ways a hacker can gain access to your WordPress website. Your best line of defense is to make a hacker’s life as difficult as possible. If you make hacking your website as inconvenient as possible, then there is a good chance your WordPress blog will remain unmolested for the rest of its running life. As a side note, using plugins is the easiest way to improve security without too much effort, but there are a few things you should know before you start installing plugins.

Brute Force Attacks

These are the most common attacks because they are the easiest to perform. A hacker need not even do any hacking or any programming. You can buy a Brute Force program, load it onto a cloud system and have it run the program night and day until a password is found. You can even reuse the same program by paying a programmer a small fee to adjust it to suit the next program or account you wish to hack.

Luckily for you, Brute Force attacks can be fought against if you are proactive with your security. Create a longer and more complex password and the Brute Force program will need a lot longer to crack your password. If you then resolve to manually change your password every 72 days, then the odds of the program cracking your password are millions to one.

Default settings and information

The default settings on your WordPress account are a big security threat. A hacker will use default information on all the accounts that he or she tries to hack. If you have kept your default username or password, then you have just made hacking your website a lot easier and more convenient for the hacker. Luckily for you, all you have to do is change your defaults to something you created that is original.

On that note, you should never reuse passwords, either on the same account or across different accounts. If you reuse passwords on your WordPress blog, then you make Brute Force login attempts relevant again (making the process easier for the cracker). If you use the same password across different accounts, then when one is hacked all the others will be hacked. A hacker will try numerous other accounts by default because he or she knows that people reuse passwords across accounts.

Use plugins for security and hide your version number

If a hacker knows what version of WordPress you are using, it becomes a lot easier to hack your website. This is especially true if your website is run with an older version of WordPress, which is also a good reason why you should update whenever you can.

There are plugins on the market that will remove the version number from your WordPress account so that hackers cannot see which version you are using without gaining direct access (or guessing). There are also plugins that tighten up your security, and many of them require very little effort from you at all.
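
A way to check what a version-hiding plugin has to remove, as an added example that is not part of the original post: it scans a page's HTML for the two places WordPress normally prints its version, the generator meta tag and the `?ver=` suffix on core asset URLs. The sample HTML and its version number are constructed for the example.

```python
import re
from html.parser import HTMLParser

# Constructed sample page; the version strings are made up for this example.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 4.1.1" />
<link rel="stylesheet" href="/wp-includes/css/dashicons.min.css?ver=4.1.1" />
<link rel="stylesheet" href="/wp-content/plugins/example/style.css?ver=2.3" />
<script src="/wp-includes/js/wp-embed.min.js?ver=4.1.1"></script>
</head><body>Hello</body></html>"""

VER_PARAM = re.compile(r"[?&]ver=([0-9][0-9.]*)")

class VersionLeakAudit(HTMLParser):
    """Collects places where a page reveals a WordPress version."""
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, version, detail)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.match(r"WordPress\s+([0-9.]+)", a.get("content", ""))
            if m:
                self.findings.append(("generator-meta", m.group(1), a["content"]))
        url = a.get("href") if tag == "link" else a.get("src") if tag == "script" else None
        # Only core paths count: a plugin's ?ver= is the plugin's own version.
        # Bundled libraries under /wp-includes/ (jQuery, for instance) carry their
        # own version too, so treat asset findings as candidates to review.
        if url and "/wp-includes/" in url:
            m = VER_PARAM.search(url)
            if m:
                self.findings.append(("asset-ver", m.group(1), url))

def audit(html):
    """Return every (kind, version, detail) finding in the given HTML."""
    parser = VersionLeakAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

def leaked_versions(html):
    """Return the distinct version strings the page gives away, sorted."""
    return sorted({version for _, version, _ in audit(html)})

if __name__ == "__main__":
    for kind, version, detail in audit(SAMPLE_HTML):
        print(f"{kind:15} {version:8} {detail}")
```

Run it against your own front page's source before and after enabling a version-hiding plugin; an empty result means neither location reveals the version.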

Plugins you may like to try

Be very careful of articles such as these that promote the use of plugins because they are usually funded by the WordPress plugin developers themselves. With that said, here are a few plugins you may like to research and try. They are security plugins that remove a lot of the manual work from securing your WordPress website. As a side note, be very careful when downloading from third-party sites. There is a WordPress-run plugin marketplace that features numerous trusted plugins you can download.

All-in-one WP security and firewall

This plugin is free and has a lot of features that help to tighten your WordPress security. It is better that you use a plugin such as this rather than the paid security your hosting package offers. The plugin tweaks smaller coding issues so they are not as inviting for hackers. It also features a firewall that may help protect your website from more active attacks.

BBQ - Block Bad Queries

This is not a very popular plugin, but it offers a trouble-free solution to blocking malicious requests. It is a very simple plugin and is good because it works behind the scenes to protect your website from spammers that are hoping to bring it down. It has had over 180,000 downloads and was updated in September 2014, but this is not an issue as it is a simple app and doesn’t need frequent updates.

iThemes Security (formerly Better WP Security)

This is the number one security plugin on the WordPress marketplace. It has the most users and highest rating of them all. It is an umbrella security plugin, which means it has its finger in all the pies. It makes hacking your website difficult, makes installing malware on your website difficult, and makes your website appear harder to hack than it actually is.

Whichever approach you take, you'd do well to consider the security threats to your WordPress site. And frankly, running a combination of the above defensive moves could put you in the best position to avoid any hacking attempts.

About the contributor: Michael McPherson is a graduate student from Boston University, freelance blogger and a regular contributor at www.topreviewstars.com.