WordPress blogs are constantly being targeted by hackers, and the problem is getting worse all the time.
It seems that the miscreants of the world have nothing better to do than try to make the lives of others miserable while exploiting the hard work of legitimate bloggers to “earn” some ill-gotten cash for themselves.
Keeping a blog safe from hacking attempts gets more difficult every day as the hackers become ever more determined and sophisticated.
That being said, there are a number of things you can do to help keep your blog safe and secure, and I will discuss a few of them in this post.
Here are 9 tips that can help prevent your WordPress blog from getting hacked:
1 – Create a password that’s hard to crack, yet easy to remember. This post explains how to do that.
2 – Never use the default WordPress username admin. Instead, log in to your WordPress control panel, then click on Users and add a new user with a username of your choosing.
Give that new user account Administrator privileges, then delete the default admin user. Note: WordPress can transfer authorship of all posts created by the admin account to the new user account during the deletion process.
3 – While in the admin panel, click on Plugins > Add New. Search for a great plugin called Wordfence Security, then install and activate it.
Wordfence provides dozens of powerful security features that will help prevent hackers from logging into your WordPress installation’s Dashboard and prevent them from taking control of your blog. This plugin is simply amazing.
4 – ALWAYS keep your WordPress core files, themes and plugins up to date.
Most updates are distributed to plug known security holes, and every minute that you wait before installing them gives the hackers that much extra time to find and attempt to break into your blog. I install all updates immediately upon their release (or as quickly as I possibly can).
5 – Don’t use any plugins that your blog doesn’t actually need. Every plugin you activate on your blog is another potential back door into your blog for hackers to break through. If a plugin is secure and truly adds value to your blog, by all means use it. But if it doesn’t, don’t.
6 – Delete any plugins that aren’t being used. Any plugin is a potential vulnerability whether it’s activated or not.
7 – Check the permission levels of your directories. If you see any that are set to 777 (which lets every user on the server write to them), tighten them to 755 or 750. Individual files should be set to either 640 or 644. Set the all-important wp-config.php file to 600.
8 – Install the awesome Google Authenticator plugin to enable rock-solid two-factor authentication on your blog.
9 – Enable TLS encryption on your WordPress installation. Enabling TLS will help protect your blog’s login information from hackers. What’s more, Google and all the major web browsers have now made TLS encryption a necessity anyway if you want to keep your blog’s traffic levels from plummeting off the edge of a cliff.
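The permission check in tip 7 can be scripted instead of done by eye. The shell functions below are an added example, not part of the original post: they list anything looser than the values in tip 7 and can reset a tree to 755 for directories, 644 for files and 600 for wp-config.php. The function names and the /var/www/html path in the usage comment are assumptions; substitute your own install directory.

```shell
#!/bin/sh
# Added example: audit and tighten WordPress permissions per tip 7.
# Usage (path is an assumed example): wp_audit /var/www/html && echo "OK"

# List directories that are group- or world-writable (777, 775, 757 ...).
wp_loose_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print
}

# List files with any bit beyond 644: execute for anyone, or group/other
# write. wp-config.php is checked separately because its target is stricter.
wp_loose_files() {
    find "$1" -type f ! -name wp-config.php \
        \( -perm -100 -o -perm -010 -o -perm -001 \
           -o -perm -020 -o -perm -002 \) -print
}

# Print wp-config.php if it has any bit beyond 600
# (owner execute, or any group/other access).
wp_config_exposed() {
    find "$1" -type f -name wp-config.php \
        \( -perm -100 -o -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Report every finding; return 1 if anything is looser than tip 7 allows.
wp_audit() {
    findings=$( { wp_loose_dirs "$1"; wp_loose_files "$1"; wp_config_exposed "$1"; } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Apply tip 7: directories 755, files 644, wp-config.php 600.
wp_fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f ! -name wp-config.php -exec chmod 644 {} +
    find "$1" -type f -name wp-config.php -exec chmod 600 {} +
}
```

Run wp_audit first and read its output before calling wp_fix_perms, since the fix changes every file and directory under the path you give it.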
Well, that’s all there is to it. Your blog should now be about as safe from the hackers of the world as you can possibly make it.
Of course, using these tips won’t guarantee that your WordPress blog will never get hacked, which is why you’ll still need to make regular backups of your entire WordPress installation. But these tips will definitely make the job a LOT harder for the hackers.
And since most hackers prefer picking low-hanging fruit (blogs that are insecure and easy to hack), they’ll probably give up on your blog after a few attempts and move on to an easier target.
Bonus tip #1: Read this post to find out how to quickly check your blog for malware.