We all know that so many WordPress websites have been under attack from cyber criminals and hackers lately. So in this article we’re going to give you seven tips on how you can prevent your website from being hacked and compromised.
Now, the very first tip would be to limit the number of incorrect login attempts that can be made to your website. Our favorite plugin for doing this would be the “WP Limit Login Attempts” plugin. This plugin is particularly useful for fighting against brute force attacks. A brute force attack is a simple method used to obtain information such as a user password or personal identification number. In a brute force attack, automated software is used to generate a large number of consecutive guesses to get access to the desired data. The free version of the WP Limit Login Attempts plugin fights against this by setting the number of login attempts to five, the lockdown in minutes to ten and the number of attempts for captcha to three, while the pro version allows you to change these values to whatever you desire.
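The sketch below is an added example, not the plugin's own code. It models the policy just described with the free version's values and replays constructed login events through it. Tracking clients by IP address, clearing the counter on success or lockdown expiry, and only flagging the captcha step rather than modelling it are assumptions.

```python
MAX_ATTEMPTS = 5        # failed logins before lockdown (free-version value)
LOCKDOWN_SECONDS = 600  # ten-minute lockdown
CAPTCHA_AFTER = 3       # failed logins before a captcha is demanded


class LoginLimiter:
    """Failed-login tracking per client; keying on IP address is an assumption."""

    def __init__(self):
        self.failures = {}      # ip -> consecutive failed attempts
        self.locked_until = {}  # ip -> time at which the lockdown ends

    def status(self, ip, now):
        """Return 'locked', 'captcha' or 'allow' for an attempt at time `now`."""
        if ip in self.locked_until:
            if now < self.locked_until[ip]:
                return "locked"
            # Lockdown expired: forget the client and count from zero (assumed).
            del self.locked_until[ip]
            self.failures.pop(ip, None)
        return "captcha" if self.failures.get(ip, 0) >= CAPTCHA_AFTER else "allow"

    def attempt(self, ip, password_ok, now):
        """Process one login attempt and return what the site does with it."""
        if self.status(ip, now) == "locked":
            return "rejected-locked"  # the password is never checked
        if password_ok:
            self.failures.pop(ip, None)  # a success clears the counter
            return "logged-in"
        count = self.failures[ip] = self.failures.get(ip, 0) + 1
        if count >= MAX_ATTEMPTS:
            self.locked_until[ip] = now + LOCKDOWN_SECONDS
            return "failed-now-locked"
        return "failed-captcha-next" if count >= CAPTCHA_AFTER else "failed"


def replay(events):
    """Run (seconds, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]


# Constructed sample: five wrong guesses, then correct passwords at various times.
SAMPLE = [(t, "203.0.113.7", False) for t in range(5)] + [
    (10, "203.0.113.7", True),    # right password, but inside the lockdown
    (10, "198.51.100.2", True),   # a different client is unaffected
    (604, "203.0.113.7", True),   # lockdown (4 s + 600 s) has expired
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", outcome)
```

The sixth event is the one to notice: while the lockdown is active even the correct password is rejected, so guesses made during those ten minutes tell the guesser nothing.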
Hide Your Login URL
Tip number two would be to disable the default login URL for WordPress. We all know that it’s pretty easy to find out whether or not a website is made with WordPress. All you’d have to do is go to the URL, add “/wp-admin” and press enter, and then of course we expect to see the default login page for WordPress. You can prevent this by using the plugin called WPS Hide Login. This plugin allows you to create your own customized login URL, so rather than “wp-admin”, your URL could be “Sesamestreet” or maybe even “openSesame”.
Update All Plugins
Tip number three would be to ensure that all themes and plugins on your website are up to date. You’d be surprised at how many times hackers have been able to compromise a website simply because one or more plugins on it were not up to date.
An extra tip is to ensure that any plugins that you’re not running on your website are either deactivated or completely deleted from your WordPress site. The fewer plugins you have installed, the less vulnerable your website is.
Fake Admin Account
Tip number four is to downgrade the role and capabilities of the admin username. Most people would recommend that you don’t even have the admin username to begin with. But I would recommend that you actually go ahead and create the admin username and then downgrade its role from administrator to subscriber. What this does is completely fool hackers. If a hacker discovers that admin is an actual username associated with your WordPress website, he or she will spend all the time in the world trying to get the password associated with the admin account, hoping that once they get access they will have administrative privileges. If by some stroke of luck they are actually able to get the password associated with the admin account and log in, they will only discover that rather than having administrative privileges they only have subscriber privileges, which is practically zero.
Tip number five would be to use a strong password. Yes, we know, I know, you’ve been told so many times before to always use a strong password, but there are still hundreds of thousands of people who use passwords such as “password”, “swordfish”, “12345” or “1234567”. If you’re one of them, desist immediately, because these are not good passwords. What makes up a good password? Well, ensure that your password is at least eight characters in length and is a combination of letters and figures. Make sure one of those letters is a capital letter, and you can also add one or more symbols such as the # hashtag or the @ symbol.
Two Factor Authentication
Tip number six would be to employ the two-factor authentication method. Our favorite plugin for achieving this would be “Clef Two-Factor Authentication”. With this plugin you can get access to your WordPress website using your smartphone. It’s a very cool way of employing the two-factor authentication method and it also helps to add an extra layer of security to your WordPress website.
Our final tip would be to keep track of your dashboard activity. Our favorite plugin for doing this would be the “WP Security Audit Log”. With this plugin you can keep track of everything happening on your site’s backend, so that you can easily view what both users and actors have been doing.
So those are our top seven tips for protecting your website against cybercriminals, hackers and all the bad guys.