4 Ways To Prevent Your WordPress Blog From Being Hacked

Just follow these 4 dead-easy steps, you’ll soon be free to get back to the other, more thrilling tasks on your to-do list: 

1. Delete the username “admin”

The default username when creating a WordPress site is “admin.” Most people keep this username. This makes it dead easy for hackers to guess your username. Then they are already half logged in to your site.

So delete any account with the username “admin.”

Note: if the account with username “admin” is the only user that currently has Administrator-level access, you won’t be able to delete it until you first create and login with a different Administrator-level account. WordPress needs to ensure that there is some way to access Administrator functions for your site.

Time needed: 4 minutes

2. Strengthen Your Password

password_generator Hackers use software to instantaneously test every word in Wikipedia against your password. So anything that is a real word or name in any language should not be used. Any logical or significant number sequence should not be used.

That means don’t use your pet’s name, your kid’s birthday, or anything else that vaguely makes sense.

The best passwords include a random arrangement of uppercase and lowercase letters, as well as numbers and symbols. In other words, they should be gibberish.

You can use a password generator to help you do this – just make sure to save your passwords in a secure place.

So go now and change your website login password to something really incomprehensible. Ask other users to do the same.

Time needed: 2 mins

3. Delete and Update

WordPress has a bit of a bad rap for being “insecure.” In fact, a WordPress site only becomes insecure when you fail to keep it up to date. Any part of your site that is not updated to its latest version presents a security risk. Hackers find vulnerabilities in sites through outdated files, themes and plugins.

So go now and make sure that you are updated to:

The latest version of WordPress 

The latest version of all installed plugins 

The latest version of all installed themes 

While you’re in there, it’s best to delete any plugins or themes that you don’t use or need. These are likely to become outdated without you noticing, creating future security risks.

Time needed: 8 mins

4. Limit Login Attempts

login_attempts At illuminea, we install a plugin like this on all our clients’ WordPress sites: the Limit Login Attempts plugin. It’s really a clever little thing-a-ma-jig.

One of the common ways that hackers attempt to gain access to a site is by using software that bombards the login page with an infinite number of username and password combinations, until they strike gold. And if you are not following steps 1 and 2, they will strike gold pretty fast. This was how the Brute Force attacks were so successful in destroying many WordPress sites in 2013.

That’s the beauty of this plugin: it limits the number of times that anyone can attempt to login to your site within one single hour to some reasonable human number, like five.

If you are the forgetful type, set it to 10 :)

So off you go to search for and install the “Limit Login Attempts” plugin on your site.

Time needed: 4 mins

OK. We’re done.

That’s all you need to do to take your website security up a notch.

Need tips on how to successfully manage your Virtual Assistant? Browse our website www.callarup.com to see the different skill sets of the personal assistant you can work with and let us know how we can help.