You may have heard people talking about how their website was “hacked”. Maybe their site starting showing strange characters or re-directing visitors to other, not so lovely, websites. How can you keep this from happening to your website? Planning and Knowledge.
1. Have a secure username
Do NOT use “admin” for your username. If your profile was created with the username admin you can create a new user and delete the old one – but be careful and make sure you backup first. Here’s a great tutorial on WPBeginner that shows you how.
2. Have a secure password
Do not use the same password you use anywhere else. Use a site such as passwordsgenerator.net to create a secure password with at least 8 characters, a mixture of numbers, upper and lower case characters, and symbols. Also, a rep from Sucuri told me that a lot of people thinking they’re being slick by creating a word using symbols in place of letters, such as W0rdPr355, but that hackers know this trick and can break this almost as easily as if you used “WordPress” for your password. Save your passwords in a secure place, use something like LastPass.
3. Install a good security plugin
Plugins such as Sucuri or Wordfence can be set up to notify either you or whoever is maintaining your WordPress website. You can set it to notify you when anyone logs into the website, or when someone unauthorized tries to login – along with their IP address.
4. Never share your personal login information
If you need to allow access to someone always create a new user login for them, with the minimum security necessary. When they no longer need access, make sure to remove their access. You can either remove them all together (you’ll have to attribute any posts they have created to a current user) or set the email address associated with their username to one of yours.
Always keep a few good backups of the website. This way, in the unfortunate instance that there is any issue with your website, you will be able to bring it back to how it was beforehand. Read this post about recommended backup plugins.
6. Use a trusted hosting service
The person creating your website may have some suggestions, but be sure and do some research on your own as well. I use Siteground for my websites and recommend it to all my clients.
Make sure all of your plugins, themes, and WordPress itself, are updated. Each time you log into your WordPress dashboard, check to see if any plugins need an update. Login at least once a week. *Important: Make sure you backup your site before updating!