WordPress: Safe? Reliable? Versatile?
Just about anything you want to do with a website can be done using WordPress. Versatility? You bet. Who uses WordPress? How about the Chicago Sun-Times, AMC, Mercedes-Benz, Time, The Rolling Stones, Beyonce, The Walt Disney Company and tons more well recognized names.
WordPress has a lot going for it. It’s grown steadily in popularity since its’ inception. In fact, WordPress is the framework behind almost 25% of the websites on the internet. On the flip side, it’s popularity makes it a huge target for hackers.
Out of the box, WordPress has a few vulnerabilities that can be exploited fairly easily by the hacker community. You can improve the odds in your favor by applying a few of the following tweaks to your WordPress installation.
Admin Account: Change your admin account to something other than “admin”. One of the first things hackers try is to login to your WordPress site using the standard admin user account.
Login URL: One of the first things we do on a new WordPress installation is to change the login URL. Hackers running a brute force attack will go to wp-login to try and login to your site. Renaming wp-login defeats one of their main entryways to hacking your site. There are several plugins you can use to rename your wp-login url.
Strong Passwords: Always, always use strong passwords. Password bots can make easy work of weak passwords, resulting in a hacked site, data compromise or worse.
WordPress Security: Install a security plugin. There are several good ones that are free and they work! Depending on the situation we use WordFence, iThemes Security, or Sucuri Security and sometimes a combination.
Backups: Absolute necessity. We have had great luck using UpdraftPlus – Backup/Restore. We like storing the backups off-site and Dropbox works great as a backup storage solution.
Spam: Spam is everywhere it seems. Turning off the ability for users to comment on posts cuts down on the spam on WordPress. Foe situations where comments are needed, we make sure comments require admin approval. Akismet Anti-Spam helps keep spam off your site as well.