
What’s the Password? How To Better Protect Your Website From Hackers

Keep WordPress secure

Vital has a go-to set of security measures in our toolbelt to harden WordPress against attacks. They do things like prevent brute-force login attempts, restrict access to sensitive files, block malicious scripts, and watch out for unauthorized file changes. There are also some very important tips that you – the user – should follow when using WordPress to help keep things secure.

  • Never use the administrator account unless you have to. Most of the time, you will never need to touch the administrator account. This account should only be used when actual admin tasks are required like updating WordPress and plugins, managing user accounts, etc. If you’re just editing site content, you should be using an Editor level account. Try not to create multiple administrators because you’re just making additional access points for attackers.
  • Protect against brute force attacks and malware. Most attacks come in the form of bots trying to log into WordPress by brute force, using a dictionary of passwords and usually targeting the admin account. Once a bot gets in, that’s when the malware is installed and the fun really begins. You can prevent brute force attacks by limiting the number of login attempts. Wordfence is a great plugin that, among other things, limits login attempts. It also regularly scans your site looking for unauthorized file changes and will email you if something looks suspicious.
  • Keep WordPress up to date. The WordPress development team is always publishing updates throughout the year. Very often these updates patch security vulnerabilities that may have been discovered. Keeping your site and its plugins up to date is one of the best ways to stay secure.
  • Use 2-factor authentication. 2-factor is a way to log into a service using two different items for authentication. This usually means a password and a physical device like your cell phone. Every time you log into WordPress with your password, you will also be required to authorize this login on your phone. If an attacker gets your password, they probably won’t have your cell phone as well. Plugins like Duo or Google Authenticator do this very easily.
  • Back up your website regularly. If your website is hacked, having a recent, clean backup of your files and database will make it easy to roll everything back to before it happened. BackupBuddy or BackWPup are two great plugins for this.

You Are Now Armed and Ready

We covered a lot of content here and believe it or not we’ve only scratched the surface. However, these basics will go a very long way in keeping your online life and WordPress sites more secure. Like I said, you’ll never be able to ensure absolute security on your website, but you can greatly reduce the risks. Just be smart about how you use your website, stay vigilant in your security measures, and never be complacent about online security.
