Lately in the news there has been a reported global attack by hackers on WordPress sites. The focus seems to be on sites hosted on VPS and dedicated servers. If you’re one of my clients, I know that most of you are on shared servers so your risk is lower, but it’s still a good idea to protect yourself.
A Couple Things You Can Do
Strong Password
If you’re using an easy-to-guess password, then it’s time for a change. Even if you’ve got a strong password, it’s not a bad idea to go through and update it periodically.
What makes a strong password?
- at least 8 characters
- combine UPPER and lowercase letters
- include special characters, such as #@$!*&
- and of course don’t make it something that’s easy to guess 🙂
To change your password in WordPress
- Log in to your WordPress admin area.
- In the left side menu go to Users > Your Profile.
- There you can enter your new password, then click ‘Update Profile.’
Password Protect Your Login Screen
This adds an extra step of security by requiring you to enter a username and password just to get to your WordPress admin login screen. Once you get to the login screen, you can log in as you normally would and you’re good to go.
HostGator has put together step by step instructions on how you can do this. Read the article here.
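For reference, here is roughly what that protection looks like on an Apache host that honors .htaccess files. This is an added example, not taken from the HostGator article, and the .htpasswd path, the realm text and the names in capitals are placeholders you'd replace with your own.

```apache
# .htaccess in the WordPress root folder (the one that contains wp-login.php).
# Assumes Apache with .htaccess overrides enabled, as on typical shared hosting.

# Without this line, Apache may pass the 401 response to WordPress' rewrite
# rules, which can produce a 404 or a redirect loop instead of the prompt.
ErrorDocument 401 default

# Ask for a separate username and password before the login page is served.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    # Placeholder path: keep this file OUTSIDE the public web folder.
    # Create it with: htpasswd -c /home/EXAMPLE_USER/.htpasswd EXAMPLE_NAME
    AuthUserFile /home/EXAMPLE_USER/.htpasswd
    Require valid-user
</Files>
```

Use a different username and password here than your WordPress account. Basic authentication only base64-encodes the credentials in transit, so it works best when the site is served over HTTPS.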
Other Stuff You Can Do
Keep your plugins and themes updated
WordPress is very cool in the sense that when a new version of WordPress, your themes, or your plugins is available, you’re automatically notified in the WordPress admin area.
Whenever you see that an update is available, make sure you click on the Automatic Update link.
If you’re one of my clients, don’t be scared by this. I use a minimum number of plugins on the sites I develop, and I’ve never had an issue with any updates. I did have a couple of custom theme updates that had some issues, but that was a couple of years ago and I haven’t had any problems since then.
Delete Inactive Themes and Plugins
If you have any additional themes or plugins installed that you’re not using, delete them. Since you’re not using them, these items often get ignored, and as they get older they become more vulnerable to hacking.
Google Webmaster Tools
Create a Google Webmaster Tools account and add your site. Google periodically scans your site and is happy to notify you by email if they find something that shouldn’t be there. Go to www.google.com/webmasters/tools/ to get started with that.
Limit Login Attempts – a WordPress plugin
Limit Login Attempts is a free plugin that you can install that will limit the number of times someone can attempt to log in to your site. That way a hacker can’t just sit there and try an endless number of login combinations on the site.
You can get this plugin here: http://wordpress.org/extend/plugins/limit-login-attempts/
Anyway, don’t get too stressed out about this. Just do these simple steps and you should be fine. If you do have any issues with your site and are worried, get in touch with me and I’ll be happy to take a look.