WordPress is an open-source platform where hundreds of thousands of users share, modify and develop website templates, plugins and more. But don’t blame the fact that WordPress is open source when your site gets hacked. Quite frankly, when your site gets hacked, it’s all on you! WordPress sites are hacked simply out of user error or a lack of user protection.
As a web designer or a website owner, there are certain steps you must take to keep your WordPress site from being hacked, and it is up to you, not WordPress, to implement them. Some of the steps we will discuss in this article are very simple and easy to follow, while others will require you to put on your thinking cap, keep an open mind and take our word for it.
If you ask yourself, “how to protect my WordPress site from hackers?”, read along and find out!
Simply secure your login page
If this step in your WordPress security sounds simple and obvious it’s because it is simple and obvious. Securing your login page doesn’t mean taking your last name with your favorite double-digit number since fourth grade and adding an exclamation point at the end.
Secondly, there is a standard WordPress URL that is given to literally everyone who has ever logged in to the login page of WordPress. In order to breach security and move into your website, all a hacker would need to do is visit the backend of WordPress and log in. We suggest adding /wp-login.php or /wp-admin/ to the tail end of your domain name in order to add some more buffer and beef to your overall login security.
Set up a lockdown feature and switch to an email login
A lockdown feature will alert you if there are a number of failed login attempts from a source other than your own. With this feature, your website will ultimately freeze and go into lockdown mode in order to save your important information. Any activity that isn’t granted permission, or that takes too many attempts to get in, will be an automatic red flag and you will be alerted immediately.
With that said, you’ll want to make sure your contact information is up to date so that WordPress can alert you of unauthorized entry. If you use an old business email to get updates and hardly ever check that inbox, update your information right now. Normally a paid plugin is installed that will send you a text; otherwise, you’ll find out through your host (by email) or when you go in yourself.
WordPress had a great article also suggesting that a web owner use their email instead of a username. A username, according to the article, is easily traceable and guessed. If you want to take extra steps to secure your web domain, use an email you frequently check instead of a username.
Use an iThemes plugin for extra security
Much like changing from a username to an email, you might want to consider changing your login URL. This can be done quickly and easily, as long as you know how. When a hacker has a direct link to your login page, they have easy access to your platform. Some hackers use combination software to try thousands of different logins in order to breach your security measures.
iThemes Security is a plugin that can be downloaded in order to restrict any hacker from entering your login page. Below are three different login formations you can use in order to get the hackers off your case:
- Change wp-login.php or /wp-login.php?action=register to a unique login
- Change /wp-admin/ to a unique login of your choosing.
The unique login is your choice. Whether you customize your login or simply change it to this_is_new, doing so will significantly improve your chances of blocking intruders from your site.
Change up your password, often
Switching up your password seems obvious, but you wouldn’t believe how many people never change their default password, or keep a standard login like their last name and two-digit year of birth. Even if you have a custom password, it is smart to continue to change up your password every month.
Protect your wp-admin directory
Setting a second password on the wp-admin directory puts another wall in front of potential hackers. Instead of just one password, a locked wp-admin directory will force a hacker to punch in a second password they probably won’t guess.