5 Tips to Boost Your WordPress Security
Jul 30, 2015
Automattic, the parent company of WordPress, just released its 4.2.3 update in hopes of fixing a number of plugin and cross-site scripting vulnerabilities that were identified. Gary Pendergast, an engineer at Automattic, implored users to download the newest update. His message was clear: WordPress security is a team effort that requires coordinated action by both developer and user. Updates are useless if you don’t make the effort to install them, after all.
In keeping with Pendergast’s call for user involvement in WordPress security, Hacker4Lease would like to offer 5 tips for users to boost their WordPress security.
- Stick with secure hosting. Don’t default to the cheapest web hosting provider you can find. Do your research and be discerning. Don’t commit until you’ve found a company with a trustworthy track record.
- Be obsessive about updates. Don’t let updates pile up in a queue. They may be a bit inconvenient, but they contain patches and fixes that your software needs to stay competitive in the digital security arms race. Watch all Dashboards, themes, and plugins for updates, and jump on them immediately.
- Buff up your password protection. Nearly 10% of WordPress hacks are the result of weak passwords. If your password is old or obvious, you are asking for trouble. We recommend updating every 1-2 months.
- Avoid the ubiquitous “admin” username. Until version 3.0, you had no other option, but a series of recent botnet attacks targeted this common username in an attempt to gain server access. Consider creating a new administrator account for yourself and deleting the old “admin” to avoid being targeted in a similar fashion.
- Limit login attempts. Hackers or bots trying brute-force password cracks can often be thwarted by limiting the number of failed login attempts allowed by a single IP address. There are ways around this method, since many hackers use a number of IP addresses, but it remains a worthwhile precaution.