Imagine this scenario. You have spent months of your time and a couple thousand dollars on your website. Then, one day you are informed that it isn’t working. You go to the website and confirm that it is down, nothing is displaying. You are stuck, you don’t know where to go. Your website is down and you are losing visitors left and right, and potentially thousands of dollars in sales. What next?
Unfortunately it is an all too common problem. I’ll tell you what to do down at the end of the article.
Let’s look at a few ways you can secure your WordPress website.
1. Usernames & Passwords
You want to make it as difficult as possible for somebody to get into your website. One of the most basic, effective ways to do this is to change your username from the default ‘admin’ to something else. If a hacker already knows the username, their job is halfway done, then all they need to figure out is the password. Of course the more difficult the better, but anything is better than ‘admin’.
For your password I recommend using a password generator. The one that I use is very easy and take me 5 seconds if that to get a new password. I always go with at least 10 characters and include special characters and numbers. Store this password in a secure place that you can easily get access to it.
2. Change Your Login Page
The default login screen for a WordPress website is websitename.com/wp-admin. Hackers know this. They will often go to that site and start working away. However, if you change your login page, you not only thwarted a potential attempt, but now they have to figure out where your login page is.
3. Limit Login Attempts
You would be amazed at how often idiots are trying to get into some random website. They have a lot of stupid, and dishonest reasons for doing so. I recommend limiting the number of attempts that somebody can try to get into your website. Unless they know your password, it’ll take some serious skills, or some good software in order to figure out your username and password at all. I recommend limiting the number of attempts to 3, after that, that IP address is blocked and they can’t access it. You can also set it up so you can an alert via email whenever somebody is locked out. It’s pretty interesting to see how often this happens.
4. Schedule Regular Backups
Surely you would not want to be in the situation I described in the beginning of the article. I’ve had clients there before, their site is completely gone, and they come to me to fix it. That is the risk you take if you are not regularly backing up your website. I use a program called BackWPup. It seems to work well from my experience. There are many other backup programs out there for you to evaluate. You can simply set BackWPup to back up your site once a week, and to keep the last two backups of it to be safe. You can even tell it to backup to Dropbox or Google storage, or just your hosting server, your call.
There are many, many other ways you can secure your WordPress based website, but by deployed these basic steps you can thwart many of the attempts, and should something happen, you’ll have a backup to restore. So many people do not secure their websites that hackers will often go to the next website if they have any trouble getting into your website.
Oh, and in the situation above, if you were hosting your site with me, I would handle everything for you and get your site backup. If you set up hosting on your own through Hostgator, Go Daddy, or somewhere else, you would want to get in touch with them and see if they can restore your site for you. Sometimes they can, sometimes they can’t.
To avoid the loss of your site and potential revenue, I recommend having your hosting & maintenance company implement these changes immediately. If you do it yourself, it may take some time to figure out, but it’ll be well worth it. Alternatively, contact me, and I can take it off your plate for you.