Security online is important for everyone, not just for WordPress bloggers. We all need to be very responsible and keep our sensitive data from getting in the wrong hands. Internet security is sometimes difficult and obtuse topic, particularly if you lack the technical background, but because the damages and recovery can be really difficult, the meaning and importance of keeping your blog safe become even greater. Following is a checklist of six simple steps you can take right now to make your WordPress blog stronger and safer:
Use Strong Passwords
The first step to online security, no matter the program or service you use, is creating a strong and unique password. Same applies to your WordPress blog too. If people (or better say computers) can easily guess your password, or you use the same code for everything – your email and bank accounts, online registrations and forums – you have made yourself very vulnerable and prone to hacker attacks.
Watch the video and see how to create strong and secure passwords, and use the WordPress version 3.7 smart password strength meter. If you have problem memorizing all your different passwords, you can also try programs like LastPass which will remember them for you for free.
Regularly Update Your WordPress, Themes and Plugins
Program updates are made to fix security issues too, and not just to add new features and repair other problems. So if your WordPress blog, themes and plugins are not regularly updated (at least once a week), you risk your site getting hacked.
If there’s a message telling you to update your installation when you log into your Dashboard as an administrator, click and follow the steps. From your Updates page with just a few clicks you can update each outdated theme and plugin individually. You can also configure automatic background updates for your WordPress blog; more info here.
Delete and Never Publish Content with the Default “Admin” Username
When you first install WordPress you are given a default username Admin and default password Pass. If you don’t change this user and password and continue publishing content with it, anyone can log in as administrator and do anything they want to your blog and data.
Instead, create another username with administrative privileges that no one else can guess, protect it with a secure password, and use this user only when needed – to install updates for example. For posting content create another user with editor privileges, and assign to it all previous posts published by the Admin user after you delete it.
Install a Plugin to Limit the Login Attempts
By default you are allowed to have unlimited login attempts to your WordPress blog. But this is extremely risky as it leaves space for easy brute-force attacks by hackers intended to shut down your site. To limit the number of incorrect login attempts to your account you can use the Limit Login Attempts WP plugin. It allows you to set a specific number of retries making such cracks difficult or impossible.
Like when selecting free WordPress themes, you need to be careful when researching plugins too. Always check their official reviews on WordPress.org, and install only from reputable and trusted sources. Check our list of 20 WP plugins recommended for bloggers.
Remove the Default META Widget From the Sidebar
The META widget is one of the few that come installed into your WordPress blog’s sidebar by default. It contains login and logout links to your blog, which makes it a security issue as hackers can easily access these links too. To remove the widget from the primary sidebar go to Appearance/Widgets and delete it.
How about you… Have you thought about the security of your blog and data? What other precautions would you recommend to stay protected? Tell us in the comments…