The 5 Biggest WordPress Security Mistakes That People Make

I bet that when you were creating your website you didn’t have the idea of being hacked in mind. No one thinks about such evil things while developing his page, regardless of whether it’s just a presentation one or a full e-commerce shop.
Let’s face it, you can’t hide from the bots. Why bots? Because 90% of the attacks are automated. It’s very unlikely that someone will be interested enough in your website to hack it. Most of the attacks come from bad bots that try to use an exploit in one of your plugins, brute-force your login information, etc.

So for that reason I decided to create a small list of basic things that a lot of new webmasters miss. Without further ado, here it is:

Change Your Username Right Now

I can’t tell you how often I have come across this situation – a new shiny website is created, but the username is something like Admin, Admin1, Admin123… you catch my drift. Why is this bad? Because those are very easy to guess. On top of that, “admin” is the default WordPress username, so it will be the first thing that a bot tries when brute-forcing your perfect, time- and money-consuming website. If you want to eliminate this problem, simply create a new user with a more sophisticated username, give it administrator rights and use it to log in to your website. Then delete the old one and voila – you have your first layer of defense against the evil hordes of bots aiming to hack your dear website.


Think About Your Password

I know that using the same hellokitty512 pass for years is your thing, but having a secure password is a must. WordPress even tells you how complicated and hard to hack your password is. Using different and unrelated letters, numbers and symbols can make your password much more difficult for the despicable bots to crack. Sure, a long complicated pass is hard to remember, but hey, at least you will keep your website a bit safer, and I think this is a good enough reason to go through that trouble.

Update That WordPress

I know, I know, updating your CMS, plugins and themes isn’t always the best option because very often the new versions do have some bugs and problems that need to be solved, but most of the time the updates bring a new, more secure version of that software. They often fix exploits and back doors that could potentially be used for hacking your precious site. If you are scared that you are going to break something, just create a backup and there you go.

Get Rid of Everything Unnecessary

Having plugins and themes that you don’t use is like keeping your old in your garage – it takes space even though you don’t use it. Just delete them and lessen the chances of being hacked. The same goes for users that aren’t active anymore. They are just potential exploits, so get rid of them and save yourself some trouble. Keeping unnecessary bloat also slows down your website, and no one likes slow websites, right?

Use a Security Plugin

Using a plugin to protect your website is maybe the most efficient way to do that. The top dogs in the field do a pretty good job defending your page against most of the things that could go wrong. Some of them perform checks and cleanups on your website, some do prevention and some do both. I personally like not to have a problem to deal with in the first place. That’s why I use IVGuard, which is a great new tool doing just that. You will get a notification whenever someone or something changes even one row in your website files. You can bring back previous copies of your files from one of the backups that the plugin makes automatically or get the default versions of those files from the library. It will also keep those brute-forcing bots from guessing your username and password. It’s a complete solution for your potential problems, before they even happen.
