Uh-oh!
You may have heard people talking about how their website was “hacked”. Maybe their site starting showing strange characters or re-directing visitors to other, not so lovely, websites. How can you keep this from happening to your website? Planning and Knowledge.
1. Have a secure username
Do NOT use “admin” for your username. If your profile was created with the username admin you can create a new user and delete the old one – but be careful and make sure you backup first. Here’s a great tutorial on WPBeginner that shows you how.
2. Have a secure password
Do not use the same password you use anywhere else. Use a site such as passwordsgenerator.net to create a secure password with at least 8 characters, a mixture of numbers, upper and lower case characters, and symbols. Also, a rep from Sucuri told me that a lot of people thinking they’re being slick by creating a word using symbols in place of letters, such as W0rdPr355, but that hackers know this trick and can break this almost as easily as if you used “WordPress” for your password. Save your passwords in a secure place, use something like LastPass.
3. Install a good security plugin
Plugins such as Sucuri or Wordfence can be set up to notify either you or whoever is maintaining your WordPress website. You can set it to notify you when anyone logs into the website, or when someone unauthorized tries to login – along with their IP address.
4. Never share your personal login information
If you need to allow access to someone always create a new user login for them, with the minimum security necessary. When they no longer need access, make sure to remove their access. You can either remove them all together (you’ll have to attribute any posts they have created to a current user) or set the email address associated with their username to one of yours.
5. Backup
Always keep a few good backups of the website. This way, in the unfortunate instance that there is any issue with your website, you will be able to bring it back to how it was beforehand. Read this post about recommended backup plugins.
6. Use a trusted hosting service
The person creating your website may have some suggestions, but be sure and do some research on your own as well. I use Siteground for my websites and recommend it to all my clients.
7. UPDATE!
Make sure all of your plugins, themes, and WordPress itself, are updated. Each time you log into your WordPress dashboard, check to see if any plugins need an update. Login at least once a week. *Important: Make sure you backup your site before updating!
Pingback: How to Add WordPress Users - the Right Way - Mindy Iannelli
SO true. I use LastPass also and am really happy with all the help it gives me in knowing my passwords and it is a huge stress reliever!
Changing your password, to a more secure one is super important….But it also can be so stressful when you need to get into your website and can’t remember the new password.
Thanks for this blog post. Very helpful.
Heather, I’m so glad you are using LastPass – so great for security and peace of mind! There are just too many passwords to keep track of these days!
I use a small address book that I list all my passwords in. My webmaster has all the other security points you covered so excellently covered. A year ago, I would not have understood, but now that I do, its good to confirm we are doing it right.
So glad you have a plan set in place, Roslyn! Just keep that address book safe! 🙂
I didn’t know about LastPass. I will have to check it out. I just have a piece of paper that I keep secure with all my passwords. Crazy right. If I lose it, I am locked out of my world! Thanks for the great tips.
Crazy to think about how much we rely on all those passwords, right, Brenda? Maybe put a copy in your safe? LOL. 😉
Really good info, Mindy. A good reminder for folks.
Thank you, Carol.
So you’re saying I should not use “password” for all of my passwords? Just kidding. this is great information and something I need to learn more about. Yu can never be too careful.
Haha, Christy – yes I am saying that! If ever have any questions, send them my way – if I don’t know the answer I’ll know where to find it!
GREAT tips.. you might even want to create a how to on the back up stuff or how to create a new user, they just don’t get it.. and the long passwords are easy, even right in WP.
Hey Kristen – thanks. I’ve written blogs on backing up and adding users but I should add some videos showing people how to – good advice, thanks. I’m on it!
Fantastic tips. Sometimes I change up my password every few months. Yep, I’m paranoid for sure. Lol. But these were excellent. Totally love word fence I have a lock down plug in too that will shut them out for 20 minutes if they use the wrong user name or password.
Hi Chel. Thanks for the feedback. That’s great that you change your password from time to time. Wordfence is awesome! I ban them permanently – love that feature!