BLOGGING 101: Protecting Your WordPress Website From Hackers
So, recently I’ve been receiving daily emails, that have caused me to go into a frenzy of panic. There is nothing worse than seeing that a website that you have put your heart and soul into is under a brute-force attack. What does a brute-force attack mean? That your site is experiencing a bot or hacker that is password guessing to attempt to login to your website. So, today I’m going to go through the steps that I have taken to protect my WordPress website from hackers.
Securi Security is a WordPress plugin that is available to download for free. It offers security activity auditing, file integrity monitoring, remote malware scanning, blacklist monitoring, security hardening, etc. But the best feature is the security notifications. It monitors any activity that is going on, on your website and sends you email alerts. You can opt out of receiving certain emails like post updates, when you install and activate plugins, etc. However, the alerts that you do want are successful logins and failed logins. This will allow you to monitor IP addresses that are trying to hack into your website, and Securi sends you an email instantlywhen someone fails to login to your website.
WP Limit Login Attempts
The WP Limit Login Attempts plugin is fantastic for login protection. Considering WordPress gives many attempts to guess the password than I would like. This clever plugin limits the amount of times that someone can guess your password. If you use the lite version, you only get 5 attempts to guess the password. However, if you purchase the pro version, this will allow more lenience. I just use the lite version, as 5 attempts doesn’t give them many tries before their IP address is blocked temporarily. It also helps to filter out bots that try to get into your website, as it uses captcha verification.
Check Your Users For ADMIN
When you go onto your wp-admin dashboard and you go to users in the left-hand sidebar, do you have a user called ‘Admin’?If the answer is yes, it’s got to go!
So, hackers are very clever, so if your username is ‘Admin’, it’s very easy to guess your password from there. I would recommend going to users > add new, and then create a new username, add an emailof your choice and make the password very hard to guess (do not use the same password you use for everything else online). Change the role of the new user to ‘administrator’. Note down details of this new user, as this will be the new account you login with in the future.
After you have made this user, go to the top right corner of the website and log out of WordPress. You then want to log back in with your NEW USER details. Once you have logged in successfully, go to users > all usersand delete the old admin account. You have now increased the security of your WordPress account further, hooray!
Ain’t Nobody Got Time For Spam!
Aside from hackers, spam is the biggest annoyance I counter on a daily basis. We get enough of it in our email accounts! How good would it be to have a plugin to sift out the spam so you don’t have to? Let’s face it, we’re just too lazy or too busy to have time to get rid of spam comments. Spam comments can be full of dangerous malwarethat has malicious programmes that could infect your computer, and as a blogger that is your worst nightmare.
The Akismet Anti-Spam is the plugin you need in your life! It automatically goes through all comments to check for spam; it reveals misleading or hidden links; moderators like yourselves can see how many approved comments a person has made, and Akismet even blocks and discards the spam that would otherwise clog up your disk space.
This plugin has already helped prevent 243 spam comments come through, so I only see the lovely, genuine comments that people leave me.
Lets All Protect Our WordPress Websites!
I hope all of these tips and plugins are useful and lets all protect our websites that we have worked so hard on! I’m hoping to expand on my Blogger Help category, so keep an eye on it for more help!
If you have a fellow blogger friend that you think would benefit from this post, please share it with them!
If there is something you don’t quite understand, or you have any questions, please feel free to leave a comment below for me to get back to you, or email me on email@example.com!
I would just like to add that this post wasn’t sponsored by any of the plugins talked about. I genuinely needed to urgently spread the message in case any other WordPress users experience the same problem with hackers. I’m not a professional in any way, this is purely my own experience and what has worked for me and my website.