WordPress is one of the most widely used CMSs available today and it is believed that 45% of the websites on the Internet are now “proudly powered by WordPress”. We build LOTS of WordPress themes for all kinds of websites. It’s probably the most common type of project we work on. WordPress is very, very popular.
The downside of this popularity is that it becomes a massive target for hackers, and they regularly succeed because webmasters don’t always maintain good cyber security practices. In this article, I want to talk about how to keep your WordPress powered website secure.
One of the best things about WordPress is the plugin library that allows you to add additional functionality to the WordPress core. They have plugins for everything. And you should definitely use some of them to keep your WordPress website secure.
Wordfence is a very good security plugin. It will do things like check your install for injected code, compare plugins to the repository versions and much more to stop devious people from infiltrating your website. It’s well worth using.
Delete any themes you are not using. Even though this code is not in use by your website, theme code can still be used by hackers to get into your website.
This is not as easy as you think. Unfortunately, when you set up a WordPress blog, your author archive is located at a URL which contains your username. Because of this, even if you don’t go with the obvious ‘admin’ as your username, it’s pretty easy for anybody to see what your username is just by clicking the link to your author archive, which is usually hyperlinked from the byline of every blog article.
In the users tab, you can set your public display name. This is the name to which blog articles will be credited in the byline. Make this different to your username. Never use admin.
This is an option that makes sense if you are the only author on your blog. If you are the only person who writes articles on your blog, you don’t even need an author archive because it’s the same as the post loop. By deleting the link, it’s not so easy for people to find your username, which is half the battle when trying to hack you.
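To check the username advice above across every account on a site, here is an added example (not code from this article or from WordPress) that audits a user export for the three exposures discussed: an ‘admin’ login, a display name equal to the login, and an author archive slug that gives the login away. It assumes the export comes from WP-CLI's `wp user list` in JSON format, where `user_nicename` is the field WordPress uses for the author archive URL; the sample accounts are constructed and `slugify` is only an approximation of how WordPress turns a login into a slug.

```python
import json
import re

# Constructed sample, in the shape produced by:
#   wp user list --fields=user_login,display_name,user_nicename --format=json
SAMPLE_EXPORT = """[
  {"user_login": "admin", "display_name": "Site Editor", "user_nicename": "admin"},
  {"user_login": "jsmith_82", "display_name": "jsmith_82", "user_nicename": "jane"},
  {"user_login": "k.patel", "display_name": "Kiran Patel", "user_nicename": "k-patel"},
  {"user_login": "wr1ter-7f3", "display_name": "Alex Moore", "user_nicename": "alex-moore"}
]"""


def slugify(value):
    """Rough approximation of how a login becomes a URL slug (assumption)."""
    return re.sub(r"[^a-z0-9]+", "-", value.lower()).strip("-")


def audit_user(user):
    """Return the list of username-exposure findings for one account."""
    login = user["user_login"]
    findings = []
    if login.lower() == "admin":
        findings.append("login is 'admin'")
    if user["display_name"].strip().lower() == login.lower():
        findings.append("display name equals login")
    # The author archive URL is built from user_nicename, so a slug that
    # matches the login publishes the login on every byline link.
    if slugify(user["user_nicename"]) == slugify(login):
        findings.append("author archive slug reveals login")
    return findings


def audit_export(raw_json):
    """Map each login to its findings; accounts with no findings are omitted."""
    report = {}
    for user in json.loads(raw_json):
        findings = audit_user(user)
        if findings:
            report[user["user_login"]] = findings
    return report


if __name__ == "__main__":
    for login, findings in audit_export(SAMPLE_EXPORT).items():
        print(f"{login}: {'; '.join(findings)}")
```

An account that appears in the report still exposes its login through the byline or the author archive; an account that is absent passed all three checks.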