My Tips for Securing WordPress

My firm blogs for many clients, and in the process we’re on blog sites more frequently than the blog owner. In some cases my team was the first to notify the client of a hack. Typically when a site is hacked, we cannot log in to write or see the WordPress site when we go to gather links for a blog post.

To keep your WordPress blog or WordPress website from being hacked, these are my tips for security.

1. Make sure you are using a secure password. Many times the client’s webmaster will send us our logins and the password is something like 123456. For security, I like passwords like this: A&Ji3nGba*3!. Impossible to remember, but really hard for a hacker to guess.

2. Secure your site from brute force login attempts. I like the WordPress plugin Login Lockdown. This plugin allows you to lock out intruders who are repeatedly trying to get in by blocking their IP address.

3. Monitor your core WordPress files. I really like this plugin. It monitors your core WordPress files and emails you when there have been changes and advises you what files have been changed. I cannot begin to tell you how easy this makes fixing a hack attack by having an idea where to start.

4. Use an exploit monitor. I use the WordPress plugin called Exploit Scanner. We’ve found several deep hacks with roots in a parent website feeding into an on-domain blog this way. By scanning the WordPress files for explode and hidden elements we have been able to quickly identify a hack and work fast to remove it.

There is nothing worse for a website owner than to do a search for themselves on and find a note next to their site for users not to visit it due to malware, or for Google to turn off the links to their site.

These simple preventatives are what we suggest for every blog owner; they are easy to install and require just a minimum of vigilance.