Three Simple Ways to Protect Your WordPress Site From Hackers
By: Mark Winter
As part of the graphic design and Web team here at Identity, I’ve been spending a lot of time lately learning about using WordPress to build websites. One thing that I know is top-of-mind for many WordPress users is how to prevent hackers.
Here are my three simple suggestions on how to protect your WordPress site from hackers:
1. A brute force attack is when a computer program (bot) tries combinations of usernames and passwords again and again until it finds a working combination and can break into your site. A way to fight this is to limit the number of login attempts allowed. This can be done with a plug-in called Limit Login Attempts. This plug-in allows you to easily customize how many login attempts are allowed.
For example, say you set it to three. After three tries, the user or bot will not be allowed to try again for an amount of time you specify. If someone is trying to hack into your site, they’ll likely give up and move on once this barrier is reached.
An added bonus feature of this plug-in is that it can be configured to email you when someone has been locked out, giving you a heads up to keep an eye on things.
2. If someone does manage to break into your site, you need to know if they’ve changed anything because the change might not always be obvious. A plug-in called WordPress File Monitor can make that change clearer. Here’s how it works: If someone changes, adds or deletes a file, you will get an immediate email telling you your files have been altered. This allows you to keep track of what’s going on with your site and fix the changes as quickly as possible.
3. The simplest thing you can do to protect your WordPress site’s security is to keep WordPress up to date. WordPress is constantly being updated, and many of these updates fix potential security flaws, so it is important to stay current. WordPress itself will alert you when a new update is available and makes updating as easy as a click or two. However, before updating, there are a couple of things to consider: backing up your database, and the possibility that the update will break your plug-ins.
There are many ways to back up a database and several plug-ins that can make the backup process simpler for those with less WordPress experience.
It’s entirely possible that a new version of WordPress could cause a plug-in you’re using on your site to break. Plug-ins are built using WordPress’s core, and when that changes, a plug-in could stop working as expected. Most good developers will release updates to their plug-ins quickly after they find out something is broken. But that doesn’t always happen, and you may need to find another plug-in to replace the now broken one.
Plug-ins can also be updated and are usually just as easy to update as WordPress itself. It’s a good idea to read through what the update changes and to keep a backup copy of any plug-ins before you update them, just in case something has changed with the plug-in that makes it less useful to you.
Do you have any other useful tips or plug-ins when it comes to preventing hackers on WordPress sites?