One day you might have your WordPress site hacked, what can you do to prevent it from happening. You can take some steps to slow done the risk of having your WordPress site hacked, In reality, if someone wants to hack your site they will do so.
Even with the best suggestion of protecting your site, do not be naive to think this hacking will not happen to your site, anything can be hacked.
There are some steps you can take to make it more difficult for hackers to take over your site. Here are some suggestions to make it harder for hackers.
- Make it a habit to change your passwords at least monthly, I suggest that you do it weekly. Passwords are the #1 method of security protection, to help you change your passwords, you can take help of a password manager like Dashlane. The changing of passwords isn’t just changing your WordPress user account password, it entails going through and changing all of the following passwords:
- change your web hosting account password (how you log in to your web host control panel)
- change your WordPress user account passwords
- change your FTP account passwords
- change your SSH account passwords
- change your domain registrar password that controls your domain name attached to your WordPress site
- change your email address password that is connected to your site
- consider changing your MySQL passwords
- Make sure that your WordPress site is hosted by a trusted hosting company, discusses your security concerns and which security features and processes they offer with their hosting. Check with the hosting company if they provide the most recent stable versions of all server software and how often they upgrade. that they have reliable methods for backup and recovery if a server has been compromised by a hack.
- Make sure that the theme and plugins that you using are from trusted third-party developers that have regular updates
- Update WordPress, plugins, and theme as soon as there are updates available, do not wait.
- When you change your passwords, change the SALT keys in the wp-config.php file – The SALT keys, once changed, will automatically log out anyone in your site and will require users to re-login. This is a helpful step because if there is someone in your WordPress admin area that shouldn’t be there, this will log that user out of the WordPress site and require them to attempt a new login. Since the passwords were already changed, the user will be unable to use old “acquired” passwords.
- Install additional security measures, the iTheme Security plugin provides an added level of security and simplify the administrative function of securing your site.
- Make sure that you change the WordPress database prefix, by default it’ set to wp_ – change it to anything that is hard to remember.
- By default, you should set the administrator user id to something else than “admin”, “administrator”. Use a difficult name to remember.
- Keep backups and keep track of your WordPress installation at regular intervals. Backup and recovery of your WordPress installation in the case of catastrophe can help you get back online faster in the case of a problem.
- Check that your server and client network is trusted and update firewall rules on your home router and being careful about what networks you work from. An Internet cafe where you are sending passwords over an unencrypted connection, wireless or otherwise, is not a trusted network.
- Restricting MySql user privileges – under normal WordPress operations, posting blog posts, uploading media files, posting comments, creating new WordPress users and installing WordPress plugins, the MySQL database user only needs data read and data write privileges to the MySQL database.
Want more details on how to harden your WordPress site – please read this article.
If you have other suggestions to have to secure your WordPress site. Please share your experiences in the comments.