WordPress – is your site secure? Tips from Blue Sky Caravan
WordPress is one of the most popular ways of putting up a website. With its popularity comes the opportunity for hackers. That said, let’s look for the Blue Sky and make sure we are protected!
It’s very unlikely some person is sitting behind a computer screen somewhere feverishly trying to hack into your site. However, it is entirely possible that hacker-bots could try to gain access to your site to plant nasty code to snare unsuspecting visitors. This could result in your site being responsible for spam or other malicious code doing dirty deeds. It could result in your site being pulled down by your hosting company if the attack is severe enough.
FEAR NOT! Here are a few things you can do to help make sure your WordPress site is safe and secure. This applies to WordPress sites that are installed on hosting accounts (WordPress.org not WordPress.com).
How to protect your WordPress site
A wise word before we begin. If you are unsure about ANY of these things below – it is far better to ask an expert or pay someone to take a look at your site for you. Most of these things are simple and straightforward but if you are feeling any unease then it’s best to get help. If you are confident you can manage these tasks it is always best to do a backup before you start. If you don’t have a backup plugin installed you might want to check out ‘Backup’, or ‘BackWPup’ or do a search to see what is currently recommended. Here’s a recent list of popular ones at time of writing – Top 6 WordPress Backups 2013. OK, here we go!
- If your login name is ‘Admin’ change it! Why? When bots try to log in to WordPress accounts, the first username they will try is ‘Admin’ because it is the default name. They will attempt to gain access with that name and run a series of passwords to see if they can get in to your account.
Here’s how - log in to your WordPress dashboard and click on ‘users’ in the left hand menu.
Create a new user and set their permissions to ‘admin’.
Log out of WordPress and log in with the new name (to make sure you have it saved correctly).
Make a note of the name and password in a SAFE place.
**Important** Go back to the ‘users’ section and delete the user there that is called Admin – you will be prompted to set all links and posts to another user, be sure to select the user you just created otherwise you will lose all your posts! eep!
- Change your password regularly. I know!!! This is a HARD one to do! If you are really opposed to changing your password then at least make sure that you have a really good one that uses letters, numbers and symbols. The longer it is the less likely it is to be cracked (at least 8 characters).
- Make sure you have the latest version of WordPress installed.
Here’s how - in your WordPress dashboard click on ‘updates’ (near the top in the left menu).
This will tell you what version of WordPress you are using and whether you need to update.
It will also let you know if any of your plugins need updating.
If you don’t feel comfortable doing the updates yourself have someone do them for you.
Out of date versions can be more susceptible to hacking.
- Also keep your plugins and themes up to date.
Here’s How - Themes are found under ‘Appearance’ – if you are using a paid for theme you will likely be told if there is an update. Free themes may or may not let you know.
Plugins are found under ‘Plugins’ and there will be a note to let you know if there is a more up to date version available.
You will also see the plugin info under ‘Updates’ near the top of the menu as I mentioned earlier.
- Delete any plugins and themes that you aren’t using.
Here’s how - Themes can be found under ‘Appearance’ in the left menu of the dashboard – you’ll be able to see which theme is currently being used and which are redundant.
***IMPORTANT*** If your current theme says it is a ‘child’ theme to some other theme be careful not to delete the theme to which it is a child.
If you are unsure – get someone who knows how to do it for you.
Plugins are listed under ‘Plugins’ and you can see which are activated.
To delete inactive ones select them and choose delete from the drop down menu above the listings.
Again, if you are not sure – ask an expert.
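The username, update and clean-up items in the list above can also be checked from exported lists instead of by eye. This is an added example, not part of the original post: it assumes the user, plugin and theme lists were exported as JSON with WP-CLI (`wp user list`, `wp plugin list` and `wp theme list` with `--format=json`); the sample data is constructed and `audit` is a hypothetical helper name.

```python
import json

# Constructed sample data in the shape WP-CLI prints for
# `wp user list`, `wp plugin list` and `wp theme list` with --format=json.
USERS = json.loads("""[
  {"ID": 1, "user_login": "admin", "roles": "administrator"},
  {"ID": 2, "user_login": "skye", "roles": "administrator"}
]""")
PLUGINS = json.loads("""[
  {"name": "backwpup", "status": "active", "update": "available"},
  {"name": "hello", "status": "inactive", "update": "none"}
]""")
THEMES = json.loads("""[
  {"name": "caravan-child", "status": "active", "update": "none"},
  {"name": "caravan", "status": "parent", "update": "available"},
  {"name": "twentytwelve", "status": "inactive", "update": "none"}
]""")


def audit(users, plugins, themes):
    """Return (check, item, advice) findings for the checklist items."""
    findings = []
    # Administrators other than 'admin' who could take over its posts.
    others = [u for u in users if u["user_login"].lower() != "admin"
              and "administrator" in u["roles"].split(",")]
    for u in users:
        if u["user_login"].lower() == "admin":
            # Deleting 'admin' is only safe once a replacement administrator exists.
            if others:
                advice = "delete it and reassign its posts to " + others[0]["user_login"]
            else:
                advice = "create a new administrator first, then delete it"
            findings.append(("default-username", u["user_login"], advice))
    for kind, items in (("plugin", plugins), ("theme", themes)):
        for item in items:
            if item["update"] == "available":
                findings.append((kind + "-outdated", item["name"], "update it"))
            # Status "parent" means the active child theme depends on it: never flagged.
            if item["status"] == "inactive":
                findings.append((kind + "-unused", item["name"], "delete it"))
    return findings


if __name__ == "__main__":
    for check, name, advice in audit(USERS, PLUGINS, THEMES):
        print(f"{check:17} {name:15} {advice}")
```

The parent theme is reported as outdated but never as unused, which matches the child-theme warning in the list.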
One more precaution – back up your WordPress site regularly. That way if something horrible should ever happen you will be ready to re-install it without losing too much of your hard work. Stay safe