With over 61 million installations worldwide, written in 120 different languages, WordPress is the single most popular platform for blogs and website content management systems. It’s easy to see why WordPress is so popular (we use it, after all): the flexibility of fully customised themes, hundreds of different plugins, and a structure that’s already cleanly coded and highly optimised for the search engines. But with all this popularity and widespread use comes a danger.
Sadly, when a platform becomes popular with people who see its advantages, it also becomes popular with those who get enjoyment from trying to harm or damage someone else’s work. Hackers have been increasingly targeting WordPress blogs, and in many cases the owners have made it extremely easy for them to do so. I thought that today it would be helpful to list a few simple things you can do to improve the security of your WordPress blog and safeguard your hard work. This whole list shouldn’t take more than 10 minutes to complete!
1. Backup. It seems silly to have to point it out, but talking with other people it always amazes me how irregularly they back up their WordPress installation. WordPress includes an export function for the blog posts themselves, but don’t forget to back up your WordPress folder too. Don’t just rely on your web hosting company to do your backing up for you.
2. Update. WordPress is constantly being updated, and many of those updates include improved security functions. It’s important to make sure that you always keep your WordPress installation up to date, and it’s very easy to do this. Just go to the ‘Updates’ page within your Admin Dashboard and you’ll see whether you have the latest version or not. At the time of writing the latest version is 3.2.1. If you don’t have the latest version a message will clearly tell you so, and you’ll be encouraged to update. This will usually only take a few seconds and won’t change the way your blog looks in any way – it’s just a bit tighter and a bit more secure.
3. Admin. It’s astonishing how many people keep the name of their admin account as ‘admin’. For a hacker this is gold, simply because you’ve immediately halved the time it will take them to hack your site. Many people who offer advice on securing your WordPress blog will encourage you either to delete the admin account and create a new one, or to change the ‘admin’ name. However, we feel there’s a better way. Rather than deleting the admin, create a new admin user and then demote the ‘admin’ account to subscriber only. In this way anyone looking to hack your site will latch on to the fact that the ‘admin’ account exists, but even if they manage to crack its password they’ll be unable to make any changes to your blog.
4. Login Lockdown. This is a simple but very effective plugin which limits the number of failed login attempts allowed to 5. This means that anyone trying to crack your password will be locked out for several hours after the first 5 failed attempts. You can download this plugin here: http://wordpress.org/extend/plugins/login-lockdown/.
5. Encrypt. Unfortunately one of the weakest areas of your WordPress blog or website is the login page, because when you type in your password it is actually sent unencrypted. This means that hackers can more easily intercept your details. To combat this, download the Chap Secure Login plugin from here: http://wordpress.org/extend/plugins/chap-secure-login/. What this does is hide your password with a randomly generated number, which is then transformed using the SHA-256 algorithm. Basically this means that even if someone does manage to intercept your login credentials, they’ll be completely unable to decrypt them.
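To show what a challenge-response login of the kind described in step 5 actually does on the wire, here is an added, self-contained Python sketch; it is not the Chap Secure Login plugin’s code and simply assumes the response is SHA-256 over a fresh random challenge concatenated with the password, with the server discarding each challenge once it has been used.

```python
import hashlib
import hmac
import secrets

# Constructed demo store (assumption, not the plugin's storage): the server
# side of a challenge-response login must be able to recompute the response,
# so it needs the password or a password-equivalent secret.
USERS = {"editor": "correct horse battery staple"}

# Challenges issued but not yet consumed, keyed by user name.
_pending = {}


def issue_challenge(user):
    """Server: generate a fresh random challenge for this login attempt."""
    challenge = secrets.token_hex(16)
    _pending[user] = challenge
    return challenge


def client_response(challenge, password):
    """Client: hash the challenge together with the password, so the
    password itself never travels over the wire (only this digest does)."""
    return hashlib.sha256((challenge + password).encode()).hexdigest()


def verify_login(user, challenge, response):
    """Server: accept only if the challenge is one we issued and is still
    unused, and the response matches our own computation."""
    if _pending.get(user) != challenge:
        return False  # unknown, stale or already-consumed challenge
    del _pending[user]  # consume it: a captured response cannot be replayed
    expected = client_response(challenge, USERS.get(user, ""))
    return user in USERS and hmac.compare_digest(expected, response)


def demo():
    """Walk through a good login, a replay of the sniffed response, and a
    wrong-password attempt; returns the three verification results."""
    c = issue_challenge("editor")
    r = client_response(c, USERS["editor"])
    first = verify_login("editor", c, r)    # genuine login succeeds
    replay = verify_login("editor", c, r)   # same sniffed response fails
    c2 = issue_challenge("editor")
    wrong = verify_login("editor", c2, client_response(c2, "guess"))
    return first, replay, wrong
```

Note that the digest only protects the password in transit; an attacker who sees the exchange still learns the user name, which is why the lockout in step 4 and the demoted ‘admin’ account in step 3 still matter.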
There are many more ways of securing your WordPress blog, but these are some of the quickest yet most effective ways we’ve come across. What do you use? What plugins or methods would you advise people use to protect their WordPress installations? Have you ever been hacked, and if so, how did you manage to recover and what do you do now to secure your site more effectively? Share your tips and experiences below.