WordPress is undoubtedly one of the most popular content management systems (CMS) used for building and publishing websites. In fact, there are over 20 million websites online running on WordPress. Since it is intuitive and easy to use, WP made it possible for people with a limited technical background to build and publish their own websites.
If you are one of these people, then you probably don’t know that having a website online exposes you to a range of cyber threats. Your website can easily get hacked. You can lose your valuable data, get sued by people who trusted you with their personal info and get blacklisted by search engines. While it may seem like a security nightmare, there are some very simple things you can do to ensure the safety of your WordPress website.
Create New Admin User
This is the oldest trick in the hacker’s handbook. Since WordPress comes with a default administrator account with the username Admin, it makes it easier for hackers to try and guess your password. Managing a WordPress website from the account with username Admin is out of the question. So, what should you do?
First, you need to create a new user with administrator privileges in WordPress. Go to your WordPress Dashboard and click on Users > Add New. Enter your preferred username (something other than Admin/Administrator), make sure to set the role to Administrator and click on the Add New User button. You’ve now got yourself a new admin user with a custom login name.
If you have used your admin account to manage your WordPress website thus far, all of the content of your website belongs to the user ‘Admin’. Before you delete it, you have to assign all your pages and blog posts to the user you have just created. Make sure that the ownership of all important things is switched to this new user before you go and delete your old ‘Admin’ user.
Use Strong Passwords
When it comes to cyberattacks on WordPress websites, the great majority of victims had weak passwords for their admin accounts. What is a weak password? Anything in the range of “12345”, “qwerty” and “password” qualifies as an extremely weak password. Surprisingly, people are still using them in 2018, despite the fact that this topic has been addressed in over a dozen blog posts on popular cyber security websites.
Cybercriminals are using sophisticated tools today, as they no longer try to manually guess your passwords. Having weak passwords is like leaving the door wide open for them to come in and wreak havoc all over your website.
If you want to close this door, you have to use a password that is at least 12 characters long and contains upper- and lower-case letters, numbers and symbols. If you can’t be bothered to come up with or remember this kind of password, you can use tools such as LastPass and LogMeOnce to generate passwords for you and log you in automatically when you want to make changes to your website.
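The password rules above can be checked and satisfied in code. The following is an added example, not part of the original article: the function names and the symbol set are assumptions chosen for illustration, and the weak-password list is the three examples the article names plus the default usernames.

```python
import secrets
import string

MIN_LENGTH = 12  # minimum length recommended in the article
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set used by the generator
# Weak passwords named in the article, plus the default usernames (assumed additions).
KNOWN_WEAK = {"12345", "qwerty", "password", "admin", "administrator"}


def policy_failures(password):
    """Return the list of reasons a password fails the article's rules."""
    failures = []
    if password.lower() in KNOWN_WEAK:
        failures.append("well-known weak password")
    if len(password) < MIN_LENGTH:
        failures.append("shorter than %d characters" % MIN_LENGTH)
    checks = [
        ("no upper-case letter", str.isupper),
        ("no lower-case letter", str.islower),
        ("no digit", str.isdigit),
    ]
    for reason, predicate in checks:
        if not any(predicate(ch) for ch in password):
            failures.append(reason)
    # Anything that is neither a letter nor a digit counts as a symbol.
    if not any(not ch.isalnum() for ch in password):
        failures.append("no symbol")
    return failures


def generate_password(length=16):
    """Generate a random password that passes policy_failures()."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        # secrets draws from the OS CSPRNG; the random module is not meant for secrets.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until all four character classes are present.
        if not policy_failures(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample passwords, followed by one freshly generated password.
    for sample in ("qwerty", "Summer2018", generate_password()):
        print(repr(sample), policy_failures(sample) or "ok")
```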
Update Your WordPress Regularly
Remember, it’s better to update your WordPress regularly and to have your plugins messed up, than to keep it running on an older version. Why? The WordPress team is always working on making improvements to their CMS. Besides functionality perks, new features and improved performance, these improvements also include patching the discovered bugs and holes, which may expose websites powered by this CMS to cyber attacks.
When all of your WordPress files are updated to the latest possible version, the risk of cyber attack is minimized. WordPress has solved this problem by automatically applying critical security updates as soon as you log in. But there still remains the issue of outdated plugins and the WordPress CMS as a whole.
Smart Use of Plugins
WordPress plugins are very attractive to WP users, but they also present a threat to your website security. When it comes to plugins, the best practice includes the following:
* Only install plugins from reliable sources (if you want to use a plugin outside of the WordPress plugin database, make sure to read the reviews and comments)
* Keep the number of used plugins to a minimum
* Always update your plugins
If you do these four things right now, you will significantly increase the security of your website. In the end, you should know that website security requires continuous effort. This is why you should log into your WordPress dashboard once a week to check for updates and make sure everything is running as intended.