WordPress powers over 62 million websites and is the CMS tool of choice for over 60% of the top 1 million sites on the web. There is a reason for this – WordPress is terrific in many ways! But when you’re the greatest, you carry a target on your back.
WordPress has recently come under a pretty serious attack again from a malicious botnet. This particular attack is an automated “brute force” attack using thousands of computers in various locations. The attackers are mainly targeting WordPress sites that did not change the default admin account, and they attempt to log in to the admin account using many commonly used passwords.
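Because the attempts come from thousands of computers, each address may only try a few passwords, so a per-address lockout can miss the attack. The following is an added example, not part of the original post: it scans a web server access log for bursts of login POSTs to wp-login.php spread across many source addresses. The log layout (Apache/nginx common format), the thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Apache/nginx common or combined log format (assumed log layout).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3}')

def login_posts(lines):
    """Yield (epoch_seconds, ip) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield int(ts.timestamp()), m["ip"]

def find_distributed_bursts(lines, window_s=300, min_posts=10, min_sources=5):
    """Flag fixed windows with many login POSTs spread over many source IPs.

    The access log does not record the username tried, so this measures
    login volume and spread, not which account was targeted.
    """
    buckets = defaultdict(list)
    for epoch, ip in login_posts(lines):
        buckets[epoch - epoch % window_s].append(ip)
    alerts = []
    for start in sorted(buckets):
        per_ip = Counter(buckets[start])
        posts = sum(per_ip.values())
        if posts >= min_posts and len(per_ip) >= min_sources:
            alerts.append({"start": datetime.fromtimestamp(start, timezone.utc),
                           "posts": posts, "sources": len(per_ip),
                           "max_per_source": max(per_ip.values())})
    return alerts

def sample_log():
    """Constructed sample: one normal login, then 8 sources x 2 attempts."""
    fmt = '{} - - [01/Jan/2024:{} +0000] "{} HTTP/1.1" {} 512'
    lines = [fmt.format("198.51.100.7", "09:15:02", "GET /", 200),
             fmt.format("198.51.100.7", "09:16:40", "POST /wp-login.php", 302)]
    for i in range(8):
        for minute in (0, 1):
            lines.append(fmt.format(f"203.0.113.{10 + i}", f"12:0{minute}:{i * 5:02d}",
                                    "POST /wp-login.php", 200))
    return lines

if __name__ == "__main__":
    for alert in find_distributed_bursts(sample_log()):
        print(alert)
```

In the constructed sample no single address posts more than twice, yet the five-minute window holds 16 login attempts from 8 sources, which is the pattern to alert on.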
How can you make your WordPress website more secure? We recommend at a minimum:
- Don’t use the login name “admin”. If you have that login on your WordPress blog, give administrator rights to another account and disable the admin login. It’s the most basic hardening you can do for WordPress.
- Strong passwords. C’mon, if you’re using a password like “password” or “123456”, you’re asking for trouble. Use a good password: a minimum of 8 characters, including caps, lowers, numbers, and a special symbol.
- Backups. Make sure your data is safe, and make sure you are performing regular backups of your data. We like this plugin for backups: BackWPup.
- Security Enhancements. We like the Better WP Security plugin – it adds a number of security features and techniques to help protect your WordPress blog. (Note: you may need some help with this plugin if you are not technical.)
Take some time out today and make your blog more secure. We hope you find this information helpful!