I don’t need to get into a long speech about why security is important and necessary. Instead, I will offer 4 easy and critical steps you can take to dramatically increase security around your website.
Tip #1: Rename your default Admin Account
The “admin” account comes with WordPress as the default user. Quite often, people choose to use the name “admin” for their admin user name. Hackers assume people will do this as well, so make sure you change your name. Doing so helps to block many of the brute force attacks on your site where the hackers try to guess your password, since they would also have to know your username.
Tip #2: Use Strong Passwords
When it comes to your WordPress site, as well as any online interactions for that matter, you need to make sure you have good and strong passwords. Instead of just a single word or short phrase, it’s a good idea to have a complete sentence for the password. It is far more difficult to guess, and more difficult for a script to discover.
Tip #3: Limit the Number of Login Attempts
Sometimes, hackers use ‘brute force’ scripts to try and figure out your password. This involves trying long lists of common passwords. To stop them from eventually getting access to your site, you need to limit the number of login attempts. You can download and use a plugin that locks out a user if they enter the wrong password a certain number of times that you can specify.
Tip #4 – Keep your WordPress up to date
When WordPress releases new versions, it is important to update to the latest version. It often improves security. Also, when the new versions come out, WP will release the exploits in the earlier version, which means if you are still using it, you could be at risk.
If you want a way to automate the update process, check out WPUpdate by TrustedSec.
iThemes Security Pro
In addition to these tips, I highly recommend using the iThemes Security Pro plugin. Formerly ‘Better WP Security’, iTheme Security can help to protect against a number of threats by improving server security, detecting bots, monitoring unauthorized changes, and more.