First, to the hackers who love to read articles on how to thwart hacker attacks and then teach everyone the lesson that ANYTHING can be hacked: We aren’t challenging anyone to break WordPress. Just as there are tips on protecting your email or social media accounts, there are certain practices which should be followed to keep WordPress safe from harmful drill-code attacks as well.
It’s important to remember that WordPress accounts can refer to anything from your WordPress Ecommerce Site to your WordPress Blog. In either case, but especially with the Ecommerce Site, it’s paramount that these steps be followed to better secure your WordPress account from hack attacks.
For new installs of WordPress the best things clients can do are:
- When choosing a username, NEVER use the default “admin” – make it personal.
- Choose a very hard-to-guess password. WP is easy to hack with a password guesser, because it will not block someone after a certain number of missed tries.
- By default, the database table prefix is set to “wp_” … change that to something else. This prevents hackers from guessing the database table names.
WordPress plugins that make your site more secure (install these immediately after a new WordPress install):
- Akismet – requires activation and is only free to non-money generating companies
- Disqus – a completely different comment system that is now recognized as the industry standard and is more secure than WP’s built-in one.
- WordPress Database Backup – this will email you a complete database backup of your site weekly, in case your site is hacked and taken down.
There are many other things you can do to protect your WordPress, like moving the admin folder in WordPress or blocking incoming requests via a .htaccess file or some other form of server block, but implementing security measures beyond what’s already been discussed tends to be more technically challenging for beginners.
Feel free to comment to let us know whether this helps, or what other WordPress “beginner” security tips you have to share.