How To Protect WordPress Websites From Hackers
With more than 20% websites throughout the world are running on WordPress, hackers are now targeting these WordPress sites to cause problems to the website owners. In this post, we will be sharing with you some of the methods that can be used to protect your WordPress website from being attacked by these hackers.
1. Change the default WordPress admin login
When you set up your WordPress website, the default login username will be ‘admin’ . Please change these login username to other types of username . Hackers would immediately try to use the login username as ‘admin’ during their early attempt to hack your website.
It is also important that one you have changed the login username, the display name should also be changed to something else. Otherwise your display name on your blog posts will show your actual username and this will make the hackers know your username.
2. Use a strong password
Please choose a strong password for the wordpress admin login. The password should be at least 8 characters long and be a combinations of numbers, alphabets and characters. Do not choose simple types of passwords such as sequence of numbers i.e. ‘123456’ or sequence or alphabets i.e. ‘abcdefgh’ .
3. Hide the login
By default the login URL will be www.website.com/wp-admin . Any hackers would immediately typed in this URL to access the login page. Instead of the default login page URL, please change to something else. Some examples would be www.website.com/enter or www.website.com/webenter or whatever. This will definitely cause headaches to the hackers.
4. Use Captcha on the login page
Adding captcha field to the login page will also provide added security to your website. This will eliminate any bots or automated software to be used to access your website. Actual human being will need to enter the answers to these captcha and obtain the right answers before they can proceed. Often after certain attempts of wrong username and passwords, the hacker will be blocked from proceeding further.
5. Blacklist IP Addresses
A plugin can be installed as an added security to block and blacklist certain IP addresses once it has failed in the attempt to hack the sites. The hackers will need to keep on changing his IP addresses if he wants to attack again.
6. Keep themes and plugins updated
Sometimes hackers will install viruses or worms on themes and plugins , especially those that are made available on WordPress depository sites. Often themes and plugins developer will immediately inform users whenever there are recent vulnerability of their themes and plugins. They would always request all website owners to immediately update their themes or plugins to the latest version to avoid any problems that may occur.
7. Backups the Website
Always backup your WordPress websites. In the event, your website is finally being attacked and is down, you can always get it back online immediately. You can either have backups done by installing a certain plugins to do a manual or auto backup or you can get your website hosted with a webhosting company that backed up your website on regular basis. If your website is active such as an e-commerce website, or active blog, or CRM system, or ERP system, the websites must be backed up on a daily basis.
If you would like us to assist you in protecting your website from any hackers, please do not hesitate to contact us.