WordPress is the strongest player in the website/ blogging industry and the most adaptable content management system. It has many advanced features which allows for multiple functions to be added to a webpage or blog with a single click. However, there is a flip side as we well.

Websites/ blogs powered by WordPress are extremely susceptible to attacks by hackers or spammers. Also, it is not a difficult task for hackers to gain access to websites’ administrative pages. The software available on the market empowers them to crack passwords easily by testing numerous login combinations in seconds. Hackers may not benefit a great deal from the websites they break into, but the loss will certainly harm the website owner. It may entirely destroy one’s online presence and credibility that has been built over the years and add misery.

There are certain precautionary steps that if taken will strengthen the security of a WordPress website. They render it too difficult for the website to be hacked or taken offline. The owner may also easily update the framework of the website and add various plugins.

To Do List

1. Regularly backup the WordPress website. It is highly suggested the backup be done weekly. If the website is updated often, then a backup should be done twice a week. Many of the WordPress plugins can create a backup and restore data if needed. There are both free and plugins to purchase available on WordPress. For example, Updraftplus is a WordPress plugin that will backup a website.
2. Limit the number of login attempts. WordPress plugins allow the administrator to limit the number of failed attempts and thereafter, ban that particular IP address for a specified number of hours. Therefore, this action will protect the website from a hacker trying to use different login combinations. With the use of this plugin, the hacker would need different proxies.
3. Block visits to /wp-admin/.  An administrator can block access to the /wp-admin/ section of the website for all the IP addresses except for those who have genuine user access, this ensures the highest level of security for the website. Create a plain text file in the /wp-admin/ folder and rename it to .htaccess file.
4. Keep all software up to date. Always keep the server, operating system, and any other software up to date. The security holes in software must be avoided as they are an easy target for hackers. WordPress notifies users of available system updates at login.
5. Make use of the website security tools. After implementing all the security measures, test the website security. This can be done through available security tools, such as Netsparker, OpenVAS, etc. The process is often referred to as penetration testing or pen testing.

Do Not

1. Do not choose “admin” as a username. If the website is already installed with this name, create another user with a unique name as an administrator. Later, login with another new username and delete the “admin” user.
2. Do not opt for easy-to-guess passwords. There is one golden rule when it comes to online security and that is, the more complex and strong your password is the better the security. Do not use names, dates of birth, a website name, or dictionary words as your passwords. For example, “intelligent” is a not as strong a password choice as, “5intell$%.” If remembering such a complex password is a problem, set the browser to remember it instead. However, this is recommended on personal computers accessible only through a password login.
3. It is also a good practice to enforce password requirements for users, such as a minimum of six characters plus a letter. These passwords should always be stored in encrypted form, so as to minimize the damage.

By sincerely following the tips mentioned above, it is actually possible to protect a WordPress website/ blog against any malicious attempts from hackers.

Opinion by Sania Gupta

Sources:
Creative Blog: Website Security Tips Protect Your Site
Wikihow: Protect Your Website From Hacking Attacks
Image Courtesy of Brian Klug’s Flickr Page – Creative Commons License