There is nothing worse than getting a call from a potential client or customer saying that they tried to reach your website and a skull and crossbones popped up!
WordPress (WP) is one of the most popular website platforms because it’s easy to use and it’s extremely SEO friendly. According to BuiltWith there are currently over 16 million websites using WordPress all over the world!
However like all content management systems it can be compromised or ‘hacked’. No website is 100% safe from being broken into but there are a few things that you can do to minimise the risk.
House your back-end login section on a different URL to /wp-admin
As a default, all WordPress sites place the section that allows the administrator to login on www.exampledomain.co.nz/wp-admin
This can make it easier for bots to find the place to login a lot easier. If you think about your website as a house and the bots as burglars trying to get it, hiding the login section is like hiding the entry to the house making it harder for a potential robber to get in!
How can I do this?
Contact your web developer to action this one for you.
Switch-up the admin username
It has become standard that the administrator account of a WP has the username ‘admin’. Changing this to something else that less easy to guess with strengthen the security.
How can I do this?
This is one that you can do yourself following the below steps:
- Create a new admin account
- Login to the backend of WP using those details
- Delete the original admin account
Use extremely high strength passwords!
This is a point that we can’t stress enough. Weak passwords account for 8% of all WordPress hacks according to wptemplate.com
Using common passwords such as ‘password’ or ‘password123’ etc will make your site extremely vulnerable to an unwanted attack.
Try to use a mix of capital and lower case letters as well as symbols and ensure it’s as many characters as possible.
How can I action this?
There are online tools that you can use to create strong passwords if you can’t make one up yourself!
Keep EVERYTHING updated
WordPress releases new updates of their software to include fixes and patches to address already identified and potential vulnerabilities. Some hackers and bots may target old versions that have known security flows. The same applies to the theme and plugins that you’re using.
How do I action this?
Updating plugins is easy however it’s always best to create a backup of the site when updating the themes and latest WP versions to ensure that nothing breaks. If you’re not sure how to do this contact your developer.
Use secure hosting!
Last but not least, secure web hosting is vital no matter what which platform your website is built in. When you’re choosing a web host provider do your research and don’t just go for the cheapest one that you can find. It’s important to know what king of security they have and that they take regular backups (compromises do happen but if there’s a recent backup it’s a lot easier to get your website back up and running in a timely manner).
Any website anywhere in the world can be targeted by bots or hackers. It’s important to remember this and that it’s probably not personal. The above points can help you safeguard your site and they’re worth putting in place if it means that you can have more peace of mind. Like always if you would like more information or need help give us a call!