WordPress released its latest version, 3.8, this past week. Because of its popularity, WordPress sites get targeted quite often by hackers. Unfortunately, they are fairly successful at getting into sites. Why? Because people are often lax about security and maintenance.
Hackers use automated programs to try to break into WordPress sites. They are patient, to a point, and are usually most active right after WordPress releases a major update. Here are a couple of screenshots from one of the WordPress sites I manage. The first is a log of the attempts, showing the user name they tried and how often; the second shows how many attempts were made against this particular site in the last two to three weeks.
So what can you do? There are a few things that can help secure your WordPress site and make your life a bit easier.
- Keep your site up to date. Probably the most important thing you can do is make sure your site is running the latest patch and that any and all of your plug-ins are up to date as well. In most cases hackers are able to break into a site because it is not up to date. Please, please, please, for your own sanity, keep it up to date.
- Use a unique user name. When you first install WordPress you have to create the main user account; think of it as a “super” account. Changing or deleting it later is very involved and could bring the site down. A LOT of people use “ADMIN” as this user name. Don’t. Use your own name instead: first name, last name, or a combination of both, so that it is unique.
- Use strong passwords. We’ve all heard this, but few adhere to it. Your password should be between eight (8) and fifteen (15) characters and should contain upper- and lower-case letters, numbers and symbols such as #. Ideally it should not contain any recognisable words. If you have used the “ADMIN” user name, change the password. You may even want to change the password every ninety (90) days or so to make sure you stay protected.
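To make the user-name and password rules above concrete, here is a small checker and generator I have added as an example; it is not code from the original post and not part of any WordPress plug-in or of PWGen or KeePass. The word list, the blocked user names and the symbol set are constructed stand-ins, and the generator draws from Python's `secrets` module, which is the right source of randomness for credentials.

```python
import re
import secrets
import string

# The post's rules: 8-15 characters with upper and lower case, digits and
# symbols, no recognisable words, and never "admin" as the user name.
MIN_LEN, MAX_LEN = 8, 15
SYMBOLS = "#!$%&*+-=?@^_~"

# Constructed stand-ins for a real word list and a real blocked-name list.
COMMON_WORDS = {"admin", "password", "wordpress", "welcome", "login", "qwerty"}
BLOCKED_USERNAMES = {"admin", "administrator", "root", "test", "user", "wordpress"}


def check_username(name):
    """Return True if the user name is not one of the guessable defaults."""
    return name.strip().lower() not in BLOCKED_USERNAMES


def check_password(pw):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("missing an upper-case letter")
    if not re.search(r"[a-z]", pw):
        problems.append("missing a lower-case letter")
    if not re.search(r"[0-9]", pw):
        problems.append("missing a digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("missing a symbol")
    lowered = pw.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append(f"contains the common word '{word}'")
    return problems


def generate_password(length=MAX_LEN):
    """Generate a random password that passes check_password.

    Uses the secrets module (a cryptographic RNG), never the random module,
    and simply retries until a candidate satisfies every rule."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN}")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("password", "Admin2013!", generate_password()):
        print(repr(pw), check_password(pw) or "ok")
```

Run it as a script and it prints why the two weak examples fail and shows one generated password that passes every rule. The retry loop is fine at these lengths because a random 8-15 character string almost always contains every character class already.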
Some tools to help you generate and manage your passwords easily:
PWGen 2 – a great tool for generating random passwords, and it’s FREE.
KeePass – a password manager that is simple to use and very affordable, aka FREE.
If those are not your cup of tea, use a spreadsheet to keep your passwords organized. While not very secure, it is easy to maintain. To further help keep your site safe, you should also be practicing the following:
Monitor Your Site
Hackers usually try hardest right after a major update. Here is a great plug-in that will monitor all the activity on your site.
ARYO Activity Log – simply add it to your plug-ins and activate it. You can configure how long it keeps the activity history, and it is very useful.
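A plug-in keeps the history for you, but the attempt counts in the screenshots above can also be pulled straight out of the web server's access log. The script below is an added example, not code from the original post or from ARYO Activity Log: it parses lines in the standard Apache/nginx "combined" format, keeps only POSTs to `/wp-login.php` and `/xmlrpc.php`, and flags any address that sends more than a handful of them inside a ten-minute window. The sample log lines are constructed (RFC 5737 documentation addresses, not a real server), and the success/failure split relies on the assumption, noted in the code, that wp-login.php answers a failed login with a 200 and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log format. Timestamp looks like
# 15/Dec/2013:03:12:44 +0000; referer and user-agent are ignored here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Endpoints that automated login tools hammer on a WordPress site.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

# Constructed sample log (documentation addresses, not a real server):
# 203.0.113.10 makes six failed logins in 17 seconds and then one that succeeds,
# 198.51.100.7 is a normal user logging in once, and 192.0.2.33 probes xmlrpc
# twice, more than an hour apart. The last line is deliberately malformed.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Dec/2013:03:12:44 +0000] "POST /wp-login.php HTTP/1.1" 200 3524 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Dec/2013:03:12:46 +0000] "POST /wp-login.php HTTP/1.1" 200 3524 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Dec/2013:03:12:49 +0000] "POST /wp-login.php HTTP/1.1" 200 3524 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Dec/2013:03:12:51 +0000] "POST /wp-login.php HTTP/1.1" 200 3524 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Dec/2013:03:12:54 +0000] "POST /wp-login.php HTTP/1.1" 200 3524 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Dec/2013:03:12:57 +0000] "POST /wp-login.php HTTP/1.1" 200 3524 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Dec/2013:03:13:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Dec/2013:08:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 3524 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Dec/2013:08:02:31 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.33 - - [15/Dec/2013:09:40:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 421 "-" "Mozilla/5.0"
192.0.2.33 - - [15/Dec/2013:10:55:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 421 "-" "Mozilla/5.0"
not a log line at all
"""


def parse_line(line):
    """Parse one access-log line; return a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def login_attempts(log_text):
    """Yield parsed POST requests to the login endpoints, in file order."""
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?", 1)[0] in LOGIN_PATHS:
            yield rec


def find_brute_force(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag IPs that sent at least `threshold` login POSTs inside any `window`.

    Assumed heuristic for success vs. failure: wp-login.php answers a failed
    login with 200 (the form again) and a successful one with a 302 redirect
    to wp-admin. A 302 that follows earlier 200s from the same IP is the case
    that calls for an immediate password reset and a look at the activity log."""
    by_ip = defaultdict(list)
    for rec in login_attempts(log_text):
        by_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start, busiest = 0, 0
        for end in range(len(recs)):  # sliding window over sorted timestamps
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            busiest = max(busiest, end - start + 1)
        if busiest < threshold:
            continue
        seen_failure = success_after = False
        for r in recs:
            if r["status"] == 200:
                seen_failure = True
            elif r["status"] == 302 and seen_failure:
                success_after = True
        flagged[ip] = {
            "attempts": len(recs),
            "failures": sum(1 for r in recs if r["status"] == 200),
            "peak_in_window": busiest,
            "success_after_failures": success_after,
        }
    return flagged


if __name__ == "__main__":
    for ip, info in find_brute_force(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample data only 203.0.113.10 is flagged: seven attempts, six failures, and a 302 after the failures, which is exactly the pattern you would want to catch before reading about it in the activity log. Point it at a real access log by replacing `SAMPLE_LOG` with the file's contents; the two slow xmlrpc probes stay below the threshold because the window is what matters, not the lifetime total.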
Back Up Your Site
There are a number of plug-ins that will do this, so it is a matter of personal choice, but you should have some kind of back-up schedule so that if something does happen you can restore your site quickly and easily. The plug-in I use is:
BackUpWordPress – installs like any other plug-in and is easy to configure. You can set it to back up your site automatically daily, weekly, monthly, etc., and then either email you when the back-up is complete with the back-up attached, or let you download it directly from the admin panel.
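Whatever plug-in you pick, the three things a backup schedule has to get right are the same: a time-stamped archive, a way to tell that the archive is intact before you need it, and pruning so old copies do not fill the disk. The script below is an added example of those three steps, not code from the original post or from BackUpWordPress; it only archives a directory tree (a real site backup also needs a database dump, which the plug-in handles and this example does not). The `demo()` function builds a constructed toy site in a temporary directory, takes three hourly backups, keeps two, verifies and restores the newest.

```python
import hashlib
import shutil
import tarfile
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large archives never load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def prune(backup_dir, name, keep):
    """Delete all but the newest `keep` archives (and their .sha256 sidecars)."""
    archives = sorted(Path(backup_dir).glob(f"{name}-*.tar.gz"))  # stamp sorts lexically
    for old in (archives[:-keep] if keep > 0 else archives):
        old.unlink()
        Path(str(old) + ".sha256").unlink(missing_ok=True)


def make_backup(site_dir, backup_dir, keep=7, now=None):
    """Archive site_dir to backup_dir/<name>-<UTC stamp>.tar.gz, write a SHA-256
    sidecar, prune old archives, and return the new archive's path."""
    site_dir, backup_dir = Path(site_dir), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y%m%dT%H%M%SZ")
    archive = backup_dir / f"{site_dir.name}-{stamp}.tar.gz"
    with tarfile.open(str(archive), "w:gz") as tar:
        tar.add(str(site_dir), arcname=site_dir.name)
    Path(str(archive) + ".sha256").write_text(f"{sha256_of(archive)}  {archive.name}\n")
    prune(backup_dir, site_dir.name, keep)
    return archive


def verify_backup(archive):
    """True if the sidecar hash matches and the archive can be listed."""
    archive = Path(archive)
    sidecar = Path(str(archive) + ".sha256")
    if not sidecar.exists() or sha256_of(archive) != sidecar.read_text().split()[0]:
        return False
    try:
        with tarfile.open(str(archive), "r:gz") as tar:
            return len(tar.getmembers()) > 0
    except tarfile.TarError:
        return False


def restore_backup(archive, dest_dir):
    """Extract an archive under dest_dir. Where the interpreter has tarfile's
    'data' filter (3.12+, backported to late 3.8-3.11 releases) it is used, so
    entries that would escape dest_dir are rejected instead of written."""
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(str(archive), "r:gz") as tar:
        tar.extractall(str(dest_dir), **extra)


def demo(keep=2):
    """Constructed end-to-end run in a temp dir: three hourly backups of a toy
    site, pruned to `keep`, newest verified and restored. Returns a summary."""
    root = Path(tempfile.mkdtemp(prefix="wpbackup-"))
    site = root / "site"
    (site / "wp-content" / "uploads").mkdir(parents=True)
    (site / "wp-config.php").write_text("<?php // constructed placeholder\n")
    archives = [
        make_backup(site, root / "backups", keep=keep,
                    now=datetime(2013, 12, 15, hour, 0, tzinfo=timezone.utc))
        for hour in (1, 2, 3)
    ]
    restore_backup(archives[-1], root / "restore")
    summary = {
        "remaining": sorted(p.name for p in (root / "backups").glob("*.tar.gz")),
        "oldest_pruned": not archives[0].exists(),
        "newest_verified": verify_backup(archives[-1]),
        "restored_config": (root / "restore" / "site" / "wp-config.php").read_text(),
    }
    shutil.rmtree(root, ignore_errors=True)
    return summary


if __name__ == "__main__":
    print(demo())
```

The sidecar hash is what turns "I have backups" into "I have backups I can trust": run `verify_backup` on a schedule as well, because a backup that quietly went corrupt months ago is no better than none when you need to restore.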
If you use these practices your site will be secure and easy to maintain. Hackers will usually lose interest in your site the longer it takes them to get in. If they aren’t having success after a couple of weeks, yes, weeks, they become less aggressive.
While hackers will never stop trying to get in, you can definitely make their life more difficult by following these practices.