WordPress blogs are regular targets of brute-force attacks, and there is one large attack going on right now. These attacks are automated across all the hosting platforms and attempt to find bloggers that are using default usernames, weak passwords and outdated WordPress installations. Most bloggers aren’t aware of the threat posed by hackers and may not even know that a successful attack has taken place, so it is important to keep your blog safe. These are the simple security measures that any blogger can implement today to make their blogs more secure and protected against these types of attacks.
1. Create a new user account
It is harder for a hacker to break into your blog when both username and password have to be cracked. That is why you should create a new user and delete the WordPress default “admin” user. You create a user by going into “Users” then “Add New” in the WordPress menu. When creating the new user, make sure to give it the role of “Administrator”. That will make sure that you have full authority over your blog. Now simply log out from your default “admin” account and log in with the new user details. In “Users”, delete the default admin username. Make sure to choose the option to transfer your old posts to your new username when deleting the “admin” account. Do this first before going to the next step.
2. Use a strong password
Do not use simple passwords on your WordPress. Simple passwords might be easy for you to remember, but they are also easier for a hacker to crack. Use stronger and more secure passwords instead. Your password should be at least eight characters long and should include numbers, special characters, and uppercase and lowercase letters. Change your password now before going to the next step.
3. Set a new nickname
You do not want your new username to be the author name that is shown on all posts. Set the nickname WordPress uses as author name to something different than your username. You do this in “Users” under “Your Profile” in the Nickname field. Choose a new nickname and set “Display name publicly as” to your new nickname.
4. Disable logins from certain IP addresses
The Login LockDown plugin records the IP address and timestamp of every failed login attempt to access your WordPress blog. If more than a certain number of login attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that IP range. An alternative to this plugin is Limit Login Attempts, which does the same.
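The lockout rule described above, applied offline to a web server access log, as an added example that is not Login LockDown's code or part of the original post. The thresholds, the /24 definition of "IP range", the log lines and the treatment of a 200 response to a login POST as a failure (a successful login redirects with 302) are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed values for illustration, not the plugin's actual defaults.
MAX_FAILURES = 3       # failures tolerated per range inside the window
WINDOW_SECONDS = 300   # the "short period of time"
RANGE_PREFIX = 24      # a /24 network counts as "the same IP range"
# Matches only POSTs to wp-login.php answered with 200 (assumed: failed login).
FAILED_LOGIN_RE = re.compile(
    r'^(?P<ip>\d+\.\d+\.\d+\.\d+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST \S*/wp-login\.php\S* [^"]*" 200 ')

# Constructed access-log lines (RFC 5737 documentation addresses), oldest first.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.11 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.12 - - [01/Jan/2024:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.10 - - [01/Jan/2024:10:00:31 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.44 - - [01/Jan/2024:10:21:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.44 - - [01/Jan/2024:10:25:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.44 - - [01/Jan/2024:10:29:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.44 - - [01/Jan/2024:10:33:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
"""

def failed_logins(log_text):
    """Yield (timestamp, network) for every failed login in the log."""
    for line in log_text.splitlines():
        m = FAILED_LOGIN_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            net = ipaddress.ip_network(f'{m["ip"]}/{RANGE_PREFIX}', strict=False)
            yield ts, net

def ranges_to_lock(log_text):
    """Return {network: time the failure threshold was crossed}."""
    recent = defaultdict(deque)  # network -> failure times still in the window
    locked = {}
    for ts, net in failed_logins(log_text):
        window = recent[net]
        window.append(ts)
        while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()     # forget failures older than the window
        if len(window) > MAX_FAILURES and net not in locked:
            locked[net] = ts
    return locked

print({str(n): t.isoformat() for n, t in ranges_to_lock(SAMPLE_LOG).items()})
```

In the sample, the four failures from 203.0.113.0/24 arrive within 30 seconds and trip the rule, while the four from 192.0.2.44 are spaced four minutes apart and never fill the window.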
5. Blacklist all IP addresses except your own
A better solution for some bloggers is to blacklist everyone from logging in to your blog admin except yourself. You do it by going into the wp-admin folder of your WordPress installation and opening the .htaccess file. Add this code anywhere in the file and make sure to add your IP numbers in there (type “what is my IP” in Google to find your IP address):
deny from all
# whitelist home IP address
allow from YOURIPNUMBER
# whitelist work IP address
allow from YOURIPNUMBER
# whitelist holiday IP address
allow from YOURIPNUMBER
You can put different IP addresses in there if you move around quite a lot, but if one is enough for you, that is fine as well. Now when someone tries to access the login page of your blog they will get this message:
Forbidden. You don’t have permission to access /wp-admin on this server.
6. Do not allow guest user registrations
If you do not have a membership blog, then there is no reason to allow visitors to register for a guest account on your blog. To check that you’ve got registration turned off, click “Settings” and make sure that the “Anyone can register” option is not checked.
7. Always upgrade
Always upgrade to the latest version of WordPress, the latest version of your WordPress theme and the latest versions of the plugins you use. One of the reasons developers create new versions of software and plugins is the security vulnerabilities found in older versions. With WordPress all of these upgrades are simple, automated, one-click processes within the WordPress interface. I made this video a while ago to show you how easy the upgrade process is – no excuses not to upgrade.
8. Backup regularly
Taking regular backups of your blog content and database is important. In case something happens to your blog, you can always use the backup to recover your blog files. The WordPress Database Backup plugin makes it simple to back up your files. Activate the plugin and set it to automatically take backups and send them in a file to your email address.
No more hacking problems
These 8 simple steps can be executed fairly quickly and should make your blog so much harder to break down and break into. It means that you probably would never have a hacking problem. You will feel safer and will be able to focus your time on creating great content and building an audience.