Hi everyone,
See a number of post regarding hacking attempts unfortunately it can be part of the internet lifestyle but prevention is the key.
Here are some quick tips to help boost your internet security with a wordpress website
There are several types of hacks from a basic redirect, placing malware on site or a brute force attack where they take your site down completely. This is rare but well worth protecting yourself as much as possible.
As with all things if they are determined to crash your site. It can be very difficult to protect the site 100%, but this will certainly make it more of an undertaking, as hackers look for easy targets first.
Here are some key places to start...
Never use ADMIN as the default user name change it to something unique to you. If you want to super secure you can get an autogenerated user name to create a more hack safe one with number characters and symbols, etc.
If you have used admin you can change it, with a specific plugin called admin name extender or through your Cpanel.
Always ensure you keep you versions of Wordpress up to date as often the fix and upgrade the security within the update.There is also a plugin to automate this (https://wordpress.org/plugins/automatic-updater/)
Install a plugin called limit login attempts (https://wordpress.org/plugins/limit-login-attempts/ )
as this has a useful feature that can auto lockout and repeated attempts to access your site for up to 48 hours to that IP once they have tried x amount of times. This also stops automated software from trying to crack the codes as it will also disable it.
Install all in one security suites to Wordpress to boost its security
Two proven ones are,
All in one WP-security and Firewall
(http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/)
Better WP Security now called iThemes security (https://wordpress.org/plugins/better-wp-security/)
These two are powerful and hide a lot of vulnerable areas such as site login location which is typically www.sitename.com/wp-admin as the default they also create a firewall within Wordpress. Most have a wizard to guide your through steps along with meter reading of protection.
For the control of spam on you comments on the blog for example, install Amisket ( http://akismet.com) which is a free service and works brilliantly.
For passwords, I would recommend (https://lastpass.com) as highly military grade encryption and also has a random password generator alternatively here is another link to one (http://passwordsgenerator.net)
There are also some monthly subscription hostings especially for Wordpress that handle all this for a nominal fee the highest rated being WP Engine.
WP Engine are specialists in hosting WordPress sites. They pride themselves on performance, reliability and support.
They cost a bit more than traditional WordPress hosting sites, but they offer a number of unique features not found elsewhere, such as
Caching to speed up your site using the WP Engine custom-built EverCache Technology
If your WordPress site is ever hacked. WP Engine will fix your site for free!
A one-click backup and restore option is included at no extra charge.
One-click staging, an exclusive feature called "staging".
Before you make any updates to your site, you can click on the "snapshot" button, to create a copy of your site in a separate safe area.
If you implement these measures, you will be better protected than most, of course never never say as things always change but hope you found this useful. Just to note, none of the measures above are specialist skill and can be done quickly so you then can concentrate on running your site.
kind regards
Simon
#Wordpress-security
No comments:
Post a Comment