Archive for WordPress Security

Use a Better Password For Better WordPress Security

Use a Better Password For Better WordPress Security

 

Use a Better Password For Better WordPress Security

One of the best and easiest ways to help prevent your site from being hacked is to make sure you have a strong password.  It’s important to create a password that is both easy to remember and difficult to guess.

Try to pick a password that is at least 12 characters long, and is a combination of upper & lower case letters, numbers and symbols.Security Tips For WordPress

Another good recommendation is to try to use a pass phrase instead of a password.  So instead of using something like this (Badger5!) Try and use something more like this (HOneyBadger5^RedFOx).

You can also use one of the many password tools available, like 1Password or LastPass.  With programs like LastPass you only have to create one memorable password that you use to login to LastPass.

Your other passwords can be as long and un re-memorable as you like cause LastPass will remember them, so you don’t have to.

Better WordPress Security

Update Your wp config php Keys For Better WordPress Security

Update Your wp-config.php Keys For Better WordPress Security

 

Update Your wp-config.php Keys For Better WordPress Security

The wp-config.php file contains a series of security keys.  These keys are used for different authentication and security methods used by WordPress and are an important part of your sites security.

The keys should be unique to each site.  Update ding the keys is highly recommended to protect your site from a variety of different attacks.Security Tips For WordPress

To create or change your keys you will need to download your wp-config.php file from your server location.  Then you will go to the online generator to create your unique keys.  The url for this is listed in your wp-config.php file.

Copy those keys and then find the keys in your wp-config.php file.  And replace the old keys before re ftp ing the file to your host.

Changing these keys will cause everybody to need to login again, but this also invalidates any compromised logins.

Better WordPress Security

Manually Install WordPress For Better WordPress Security

Manually Install WordPress For Better WordPress Security

Manually Install WordPress For Better WordPress Security

It’s best to consider security from the very start of your site build. Installing WordPress manually instead of using one of the quick install programs often found on host helps you harden your sites security from the very beginning.

To manually install WordPress you will begin by creating a database in your host cpanel or you’re PHP myadmin.

When you use a quick install program that create the database for you it uses wrdp to name the database.  This is a well-known default so it is important to use a unique name for your database as extra security.

Then you will download the files from wordPress.orgSecurity Tips For WordPress

Next you will unzip the WordPress file and find the wp-config-sample.php file and open it in the text editor of your choice.

First enter the information for your database. Then you will create unique authentication keys using the link provided.  You’ll copy these keys and paste them into your file.

Lastly you want to create a unique table prefix for your database tables much like database names the default WP_prefix for tables is well known and makes it easier for hackers to break into your site.

Now save this file as wp-config.php and then you are ready to FTP your files to your server.

Once you have uploaded your files you can go to your domain name forward slash wp-admin.  Here you will create your username and password.

Remember you do not want to use admin as your username.

Better WordPress Security

Remove The Admin Username For Better WordPress Security

Remove The Admin Username For Better WordPress Security

Remove The Admin Username For Better WordPress Security

Attacks on WordPress sites often target the admin user name. Which is why it’s important to use a unique user name for your profile.

If you already have a site where your using admin as your user name, it would be beneficial for the security of your site to create a new user and delete the admin profile.

To do this you will sign into your site using your admin user, then you will crate a new user with a unique user name.  You will need to use a different email address then your admin user, but you can edit this once you’ve deleted the admin user.Security Tips For WordPress

After creating a password make sure to assign the administrator role to this new user.

Now you will log out of your site and log back in using the new admin user that you’ve created.  Go into your users and delete the user with the admin username.

It will now give you the option to assign these post to another user or just delete all those post.  And then you need to confirm the deletion.

And now simply by deleting your admin user you’ve helped to increase security on your site.

Better WordPress Security

 

Security Plugin Tips For Better WordPress Security

Security Plugin Tips For Better WordPress Security

Security Plugin Tips For Better WordPress Security

Preventing your sight from being hacked is a lot easier than trying to cleanup after an attack.  There are a couple of simple things you can do to help protect your site.

There are a number of plugins that can help keep your site secure.  One such plugin is Login LockDown.  Which allows you to block a user after a set number of login attempts.

With login lockdown you can set the number of attempts you would like the user to have. And how long the user is locked out after failed attempts.Security Tips For WordPress

You can also lock out invalid user names.  so for instance if you don’t have a user with admin as the username and someone tries to use that to login. They will be locked out of your site.

There is also services like Sucuri which scans your site for malware.  And they can also help you pardon your WordPress security. And there pro version does much much more.

During the site building process.  It’s likely that you have installed and tested a number of themes and plugins.  It’s important that you remove any inactive themes and/or plugins as they can be used to compromise your site.

Similarly it’s important you keep all your themes and plugins in WordPress up to date. These simple steps can help ensure the security of your WordPress site.

Better WordPress Security