How to secure your WordPress website

Getting a space on the web has become much easier with WordPress. You can not only create almost any type of website, but also give your voice a stage and build an audience. With WordPress, you can throw technical barriers away and start publishing and even making money! Its ease of use is another factor that has made WordPress an extremely popular web publishing tool.

But hackers are always after what’s most popular. The Windows operating system, for example, is prone to more hacking attempts than Mac or any other operating system, because of its popularity. In the same way, WordPress is prone to hacking. Although its basic security is good enough, there are still things that you should do to make sure your WordPress site doesn’t get hacked.

Here are a few basic steps that you must take in order to tighten the security of your WordPress website.

Remove ‘Admin’

By default, WordPress comes with an administrator account with the username “admin”. Everyone knows that. And it only makes hackers’ work easier, because half of their job is done. They only have to crack the password.

But if you use a username other than the default admin, it acts as another layer of security, because the hacker has to guess the username that has admin access. Speaking of that, you should always use a low-privileged account to write posts and interact with users, while keeping a secured account with a weird, non-guessable username that has all the admin privileges. This will make your site a little more secure.

Keep Stuff Updated

Even if you do not update your site, or maybe don’t need to because yours is a company website, you should still check often for updates to your plugins, themes and, of course, the core WordPress software. It’s vital to keep everything up to date in order to stay secure.

Plugin authors release security updates on a regular basis (and you should not use plugins from those who don’t). As a result, old versions of plugins leave your website vulnerable. If you keep using them instead of updating, hackers will have a known way to access the backend of your site.

You should also keep the number of plugins you use to a minimum.
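The checks from this section and from “Remove ‘Admin’” above can be run as a small audit. This is an added example, not part of the original post: it assumes the JSON output of the WP-CLI commands `wp user list --format=json` and `wp plugin list --format=json`, and the sample records and plugin names are constructed.

```python
import json

# Constructed sample of `wp user list --format=json` output (not real site data).
USERS_JSON = '''[
 {"ID": 1, "user_login": "admin", "roles": "administrator"},
 {"ID": 2, "user_login": "k7-site-owner", "roles": "administrator"},
 {"ID": 3, "user_login": "editor-jane", "roles": "author"}
]'''

# Constructed sample of `wp plugin list --format=json` output; plugin names are made up.
PLUGINS_JSON = '''[
 {"name": "example-forms", "status": "active", "update": "available", "version": "2.1.0"},
 {"name": "example-gallery", "status": "inactive", "update": "none", "version": "1.4.2"},
 {"name": "example-cache", "status": "active", "update": "none", "version": "3.0.1"}
]'''

DEFAULT_NAMES = {"admin"}  # the default username the post warns about


def audit_users(users):
    """Return findings for administrator accounts that use a default username."""
    findings = []
    for user in users:
        roles = [r.strip() for r in user["roles"].split(",")]
        if "administrator" in roles and user["user_login"].lower() in DEFAULT_NAMES:
            findings.append(f"rename or replace administrator account '{user['user_login']}'")
    return findings


def audit_plugins(plugins):
    """Return findings for plugins that are outdated or installed but not in use."""
    findings = []
    for plugin in plugins:
        if plugin["update"] == "available":
            findings.append(f"update plugin '{plugin['name']}' (installed {plugin['version']})")
        if plugin["status"] == "inactive":
            findings.append(f"remove unused plugin '{plugin['name']}'")
    return findings


def run_audit(users_json, plugins_json):
    """Parse both WP-CLI JSON documents and return all findings in one list."""
    return audit_users(json.loads(users_json)) + audit_plugins(json.loads(plugins_json))


if __name__ == "__main__":
    for line in run_audit(USERS_JSON, PLUGINS_JSON):
        print("-", line)
```
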

Use Strong Passwords

If you use passwords like “ilovemywebsite” or “myfavoritecityisnewyork”, your password is more likely to be cracked. Hackers use tools to guess long password strings by matching various keywords. It’s better to use something that’s alphanumerical and doesn’t make any sense. If you use your birthplace and birthdate as your password, it’s still alphanumerical, but it’s guessable: anyone who knows you personally will be able to guess it. And you will pick up some enemies as you rise towards your success.

Bottom line, make passwords that only you can remember but nobody else can ever think of. It’s always good to have a complex mix of letters, numbers and special characters such as @, &, %, $, #, etc.

To generate a strong password, simply use LastPass. It is a password manager that lets you generate strong passwords and also stores all your passwords.
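Why passwords glued together from keywords fall quickly, and what a random mix looks like instead, shown as an added example that is not part of the original post. The word list is a tiny constructed stand-in for the lists real guessing tools use, and the function names are hypothetical.

```python
import secrets
import string

# Character classes the post recommends mixing; SPECIALS uses the post's own examples.
SPECIALS = "@&%$#"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS]

# Constructed mini word list for the demo; real word lists hold millions of entries.
COMMON_WORDS = {"i", "love", "my", "website", "favorite", "city", "is", "new", "york",
                "password", "admin", "wordpress"}


def generate_password(length=20):
    """Return a random password containing at least one character of every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def split_into_words(password, words=COMMON_WORDS):
    """Return the list of known words that spell the password, or None if there is none."""
    text = password.lower()
    # best[i] holds one segmentation of text[:i], or None if text[:i] cannot be segmented.
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best[len(text)]


def is_guessable(password, words=COMMON_WORDS):
    """Flag passwords that are nothing more than listed words joined together."""
    return split_into_words(password, words) is not None


if __name__ == "__main__":
    for pw in ("ilovemywebsite", "myfavoritecityisnewyork", generate_password()):
        print(pw, "->", "guessable" if is_guessable(pw) else "not built from listed words")
```
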

Use Bulletproof Security plugin

Bulletproof Security is a popular plugin that works with your site’s .htaccess file. The .htaccess file determines who is allowed to visit your site and who is stopped. If you familiarize yourself with .htaccess configuration, you can make amazing improvements to your website – not only from a security perspective but also in overall speed and performance.

Until you learn .htaccess configuration, you can leave it up to the Bulletproof Security plugin. After activating it, make sure to use its automatic buttons to create secure .htaccess files and activate them manually to protect your site’s root folder, wp-admin folder and, optionally, the bps (Bulletproof Security) backup folder.

Install Bulletproof Security from your WordPress dashboard or find it in the WordPress repository.

Keep Regular Backups

No matter how hard you try, your site will always remain vulnerable. Even government websites sometimes get cracked by experienced hackers. So, you should do everything to prevent such an attack but also remain prepared for the worst. And the best way to remain prepared is to have regular backups.

Regular backups ensure that even if your site goes down, all your content will still be there. It will only be a matter of time until your site is back online. But if you don’t have any backup, you will lose all your hard work. So, the moment you install WordPress, make sure you set up a way to automate regular backups.

The WordPress plugin repository has some cool backup plugins. Free plugins include Online Backup for WordPress and BackWPup.

Premium plugins are also available with added functionality, such as sending the backup file to an FTP server. You can check out BackupBuddy and ManageWP.

Learn from the Makers

The geeks who made WordPress possible have the best documentation ever made. If you’re serious about your security and want to take it to the next level, you should head to the WordPress Codex page “Hardening WordPress” and learn more tactics to protect your site.

So, what steps are you taking to secure your WordPress site?

About Tim Ling

Tim Ling is an internet entrepreneur, SEO strategist and blogger. BlogHunk is a place where he likes to blog about his learning experience. Tim believes that by helping as many people as possible to achieve their dreams, he can achieve his too. Connect with him on Twitter or Google+.