My WordPress blog was hacked 2 years ago and let me just say I have never been so bummed out. It’s sad to say but it was my very first website, it already had over 2000 views/month and was already showing great potential. Needless to say, being very inexperienced, I was completely overwhelmed and even though I tried very hard to repair the damage, it was all too much to deal with and I eventually abandoned the site altogether.
The hacking of websites is a very common event, and I cannot imagine the devastation for any website owner who already has a large number of posts and hours of work dedicated to their site, only to have it hacked or completely destroyed beyond repair. Not to fret, however, because there are a few steps you MUST take in order to secure your WordPress blog from hackers.
The steps below will help you protect your blog/site from annoying hijackers whose main purpose is to seek and destroy hard-working, established websites. There is also a free plugin included to help you protect your blog/website from predators (cough cough… ahem, hackers).
Make changes to your administrator account from admin to something else
This is the very first step that you will absolutely need to take, since a large number of brute force password attacks and hack attacks are aimed at the default admin username. If you take charge and remove it, you can stop those attacks before they happen.
This is easy; just take the following steps:
- Create a new username under a new account
- Set the new account up as the admin (make sure to first check that you can log in to the admin area with it)
- Select a password that is not easily found in the dictionary. It’s best to have a password of 8 or more characters with a mixture of letters, numbers and special characters such as *%^$.
- Delete your old admin account and reassign every post on your blog to the newly created account.
* For goodness' sake, avoid using the same password on your WordPress blog that you use on the other websites you join! Some sketchy web admins can monitor your passwords, then turn around and try to access your Yahoo, YouTube and Gmail accounts with them.
25 Most popular passwords you should avoid using at all costs (yes some of these are absolutely ridiculous):
- password (I’m not even joking!)
Limit login attempts
If you own a website/community or membership site where users have to register, some users might try 3 or 4 times to log in before they throw in the towel and request a password reset (this is absolutely normal). However, there is absolutely NO WAY that anyone with good intentions would attempt to log in 100+ times without requesting a password reset! So in order to limit the number of times a person can attempt to log in, you can get hold of the Limit Login Attempts plugin. This plugin locks out users who have failed to log in after a certain number of tries and, best of all, it's FREE!
Watch what users do on your site
Watch what people do while they are on your site (this applies if you allow people to register on your blog/site). You can use the highly effective plugin known as the threeWP Activity Monitor. You can also filter it so that it records other things, such as file downloads. This plugin can also record attempted login activity.
It can be scary to see just how many people will attempt to log in to your admin account and all the passwords that hackers will try to use (this comes in very handy in helping you avoid the commonly used passwords).
Ban users who repeatedly try wrong passwords
You can also use another free plugin to ban users who make too many attempts to log in as an admin (or any user who attempts to log in to your ‘admin’ account). This particular free plugin is called WP Ban, and it helps to stop both trolls and newbie hackers straight in their tracks. It is very important that you empty out the ban list from time to time in order to keep your site’s performance in tip-top shape (you can automate this; keep reading to find out more).
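To see how lockout and ban-list pruning fit together, here is an added example (not code from any of the plugins named above) that scans web server access-log lines for repeated failed posts to wp-login.php. The thresholds, the function names and the sample traffic are assumptions made for illustration, as is the rule that a 200 response to a login POST means a failed attempt.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log line: ip, timestamp, method, path, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
MAX_FAILS = 5                    # assumed threshold: a few retries are normal
WINDOW = timedelta(minutes=10)   # assumed counting window
BAN_FOR = timedelta(hours=24)    # assumed ban lifetime

def find_lockouts(lines):
    """Return {ip: ban_expiry} for IPs with more than MAX_FAILS failures in WINDOW."""
    recent = defaultdict(deque)  # per-IP timestamps of recent failures
    bans = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        # Assumption: a failed login re-renders the form (200); success redirects (302).
        if m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > WINDOW:          # forget failures outside the window
            q.popleft()
        if len(q) > MAX_FAILS:
            bans[m["ip"]] = ts + BAN_FOR   # each new failure extends the ban
    return bans

def prune_bans(bans, now):
    """Drop expired entries so the ban list does not grow without bound."""
    return {ip: exp for ip, exp in bans.items() if exp > now}

def make_line(ip, second, status):
    """Build one constructed log line, `second` seconds after 10:00:00 UTC."""
    ts = datetime(2024, 3, 10, 10, 0, 0) + timedelta(seconds=second)
    return (f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 4521 "-" "Mozilla/5.0"')

# Constructed sample traffic (documentation IP ranges, not real visitors):
# one user who mistypes three times and then gets in, one client that fails 120 times.
SAMPLE = ([make_line("198.51.100.20", s * 30, 200) for s in range(3)]
          + [make_line("198.51.100.20", 120, 302)]
          + [make_line("203.0.113.7", s * 2, 200) for s in range(120)])

if __name__ == "__main__":
    for ip, expiry in find_lockouts(SAMPLE).items():
        print(f"ban {ip} until {expiry.isoformat()}")
```

Running `prune_bans` on a schedule is the automated version of emptying the ban list by hand.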
Secure your WordPress site From Hackers With a Free Plugin
It can be tiring and time consuming having to manually go about clearing out your ban list, not to mention the many notification emails you are likely to receive each and every time someone gets banned from your blog/website from trying to login 100+ times with the wrong set of passwords!
1. First things first, you will need to have the Limit Login Attempts plugin fully installed and activated.
2. Make sure that you have the WP Ban plugin installed, activated and configured. This plugin will monitor any emails sent by your site, and once it detects an email from the Limit Login Attempts plugin notifying you of a user who is now locked out, it will immediately add them to the ban list.
* Important: Please set your limit login attempts plugin to notify you whenever someone has been locked out.
3. Make sure you tick this box in Limit Login Attempts.
This plugin will add a to the end of emails whenever it has not banned someone just so you know that it is working properly without the need to wait until someone gets banned!
There are many WordPress security plugins. I have also used Better WP Security, and I find it to be super easy to use; it is an exceptional plugin that can help to protect your WordPress blog from annoying hackers and all the online pests.