WordPress is unambiguously the most popular content management system (CMS), with more than 17% of the entire world’s websites powered by it. With its popularity shooting through the roof and millions and millions of websites built with it, WordPress sites have undoubtedly also become one of the targeted platforms for hacking and attacks.
Below are the top 5 tips to reduce the risk of your WordPress site getting compromised and becoming a victim of hackers or web malware:
- Keep your WordPress up to date. Always keep your WordPress updated to its latest version. At the time of writing, WordPress is at version 3.8. Updating WordPress is relatively easy. See this video on how to update WordPress.
- Don’t use “admin” as your admin username. While many these days have heeded the advice to use a strong password, i.e. 12-character alphanumeric including symbols, many also have the habit or tendency to use “admin” as the admin username. I’d guess that 9 out of 10 new WordPress users will use “admin” as the administrator’s username. C’mon, admit it 🙂 So the next time you’re creating a new WordPress site with cPanel’s Fantastico, use any admin username other than “admin”.
- Don’t use the default “wp_” table prefix. By default, WordPress database table names start with “wp_”. You can change this when installing WordPress, i.e. using cPanel’s Fantastico. By changing this database table prefix, you give an attacker one more thing to guess while trying to hack the database.
- Install security plugins. For example, you can install and configure the Limit Login Attempts plugin to prevent brute-force login attacks. You can also install the Exploit Scanner plugin and run it regularly to check for vulnerabilities and cracking attempts. When configured properly, they can harden your WordPress site’s security.
- Back up your WordPress! The importance of backing up your WordPress site couldn’t be stressed more. Always be sure to properly back up your WordPress site, both its content and its design/theme customization. In the worst-case scenario, keeping backups allows you to at least restore your site and reduce downtime when the site is hacked, corrupted or simply crashes by itself (due to unforeseen circumstances). And when you perform a backup, it’s good practice to save the backups to external storage like Dropbox or Amazon S3 (cloud storage).
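
A quick way to check tips 1, 2 and 5 on an existing install is sketched below as an added example (it is not from the original post or from WordPress itself). It reads `$table_prefix` from `wp-config.php` and `$wp_version` from `wp-includes/version.php`; the function names, the sample file contents and the user list are constructed for illustration, and the latest version and the list of usernames are assumed to be supplied by whoever runs it.

```python
import re

# Constructed sample inputs (not taken from a real site).
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'blog');
$table_prefix  = 'wp_';
"""
SAMPLE_VERSION_PHP = """<?php
$wp_version = '3.7.1';
"""
SAMPLE_USERS = ["Admin", "editor_jane"]  # e.g. exported from the users table

# Match uncommented PHP assignments such as: $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*(['"])(.*?)\1\s*;""", re.M)


def version_tuple(v):
    """Turn '3.7.1' into (3, 7, 1, 0) so that '3.8' and '3.8.0' compare equal."""
    m = re.match(r"\d+(?:\.\d+)*", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def audit(wp_config, version_php, usernames, latest_version):
    """Return a list of findings for the three file/user based tips."""
    findings = []
    m = PREFIX_RE.search(wp_config)
    if m is None:
        findings.append("table_prefix: not found in wp-config.php")
    elif m.group(2) == "wp_":
        findings.append("table_prefix: still the default 'wp_'")
    m = VERSION_RE.search(version_php)
    if m is None:
        findings.append("version: $wp_version not found")
    elif version_tuple(m.group(2)) < version_tuple(latest_version):
        findings.append(f"version: {m.group(2)} is older than {latest_version}")
    if any(u.strip().lower() == "admin" for u in usernames):
        findings.append("username: an account is named 'admin'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_WP_CONFIG, SAMPLE_VERSION_PHP, SAMPLE_USERS, "3.8"):
        print("[!]", finding)
```
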