If you check Google’s search tool for the term “WordPress Site Security” you get about 97,400,000 results.
Enter the keyword wordpress site security into the keyword tool and you’ll see about 9,900 global monthly searches and about 4,400 local monthly searches. Not too many.
Why should you care about WordPress site security?
The fact is that all your hard work is in danger if you don’t make and keep your WordPress site secure. Spying and hacking have already become a “habit”, but most people still don’t realize the danger resulting from these “activities”. Don’t believe me? Take a look at your daily website attacks and hacking attempts. So you’d better care about it.
What can you do for more security on your WordPress site?
Here are the most important steps:
1) Change “admin”
Use whatever other name you like but get rid of “admin” that comes with your WordPress installation. I know, they say you cannot change it. But you can. Here is how:
- Go to your dashboard and select Users
- Add a new user and assign administrator rights (choose a unique user name and a new password, then log in as the new admin to see if it works!)
- Assign all existing posts to the new admin (don’t forget to do that because otherwise all your posts are gone!)
- Delete the old “admin”
2) Choose a secure password
- Use your imagination but never a dictionary to choose a password
- Never use a password you’ve already used on other sites
- Make it at least 8 characters long – better: longer
- Use upper case/lower case letters, numbers and special characters
3) Watch what users do on your site
ThreeWP Activity Monitor is a free plugin that allows you to watch what users do on your site. As it allows you to monitor all activity sitewide, it will be easy to locate spam blogs and their activities.
4) Limit login attempts on your site
By default, WordPress allows unlimited login attempts either through the login page or by using auth cookies. Limit Login Attempts is a free plugin that allows you to limit the number of login attempts through both.
5) Ban users if needed
WP-Ban is a free plugin to ban users by IP, IP range, host name, etc. from visiting your WordPress blog. The plugin also allows you to exclude certain IPs from being banned. Very useful!
A more complex solution is BulletProof Security, another free plugin for WordPress site security, protecting your sites against: XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking… I’ve been using this one for quite some time now.
Of course, there are many other plugins out there, free ones and paid ones, which are a great help when it comes to WordPress site security and safety in general. In this article I wanted to focus on free solutions to secure your blog or website, just to show you that it doesn’t have to be an expensive or complex solution to have your work protected.
Anything about WordPress site security you would like to read about next? Share this article with your friends and help them make and keep their WordPress sites and blogs secure!