How to Protect Your WordPress Website from Malicious Hackers (Part 1)

Dr. Joseph Ikhalia
Feb 3, 2019


Over 30,000 Websites are hacked daily. The activities of malicious hackers cost the global economy over 450 billion dollars every year. In 2017, over 1.5 million WordPress Websites were hacked in a single day. Malicious hackers use sophisticated tools and techniques to scan the internet daily, looking for vulnerable Websites. It is quite astonishing to know that every Website on the internet is important to malicious hackers, regardless of its size or scale. If you have a WordPress Website, I hope you find these security measures extremely useful to safeguard your business and personal brand online.

1. Make sure your admin username is hard to guess

Your admin username, and any other username you use for your WordPress Website, is extremely important. Sadly, for most Websites, the default admin username is “admin”, making it relatively easy for malicious hackers to execute a brute force attack to guess your username and password. You must change your username to something you can’t easily remember, e.g. a random alphanumeric string.

2. Make sure your passwords are extremely hard to guess

Do not use the same password for all your online accounts. It is important to maintain a unique and “hard to guess” password for your WordPress Website. For example, if you are using the same password for Netflix and Dropbox, then when your Netflix account is compromised, malicious hackers could use the same information to hack into your Dropbox account. I strongly recommend you take the following steps to create strong passwords.

Step 1: Check out the types of password combinations that are secure on

Step 2: Use a password manager to generate secure passwords, I recommend — and

3. Enable two-factor authentication

I highly recommend you enable two-factor or two-step authentication for your WordPress Website logins. Because malicious hackers use sophisticated machines to brute-force passwords, relying on single-factor authentication is a huge risk that could ruin the reputation of your business or personal brand. One of the most reliable solutions I recommend to clients is Google Authenticator. Google Authenticator can be installed on your mobile phone and then set up on your WordPress Website. By having this extra layer of authentication, you are guaranteed effective access control on your WordPress Website. To set up Google Authenticator on your WordPress Website, follow these instructions.

4. Make sure you update your software regularly

One of the most common causes of successful WordPress Website hacks is outdated software and plugins. Aside from updating your WordPress platform version regularly, you need to make sure the applications running on your server (home directory and Webroot) are up-to-date. You must develop the habit of checking for application vulnerabilities to avoid leaving a potential backdoor for malicious hackers. Some of the simple actions you can take now are:

  • Deleting unnecessary plugins through WordPress Backend
  • Deleting unnecessary themes
  • Checking the file and directory permissions on the server (if you have access) and making sure your Web server does not have ownership of your WordPress configuration files (ownership must belong to the root user).
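
The ownership check from the last item can be scripted. The following is an added example, not part of the original article; the web server user name `www-data`, the list of configuration files and the function names are assumptions to adjust for your server.

```shell
#!/bin/sh
# Added example: audit ownership and write permissions of WordPress
# configuration files. Assumed (not from the article): web server user
# "www-data" and the file list below.
CONFIG_FILES="wp-config.php .htaccess"

# Print the owner (name, or numeric uid if unnamed) of a file, portably.
file_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# audit_wp_config WEBROOT [WEB_USER]
# Prints one line per finding; returns 0 when clean, 1 when a FAIL is found.
audit_wp_config() {
    webroot=$1
    web_user=${2:-www-data}
    findings=0
    for name in $CONFIG_FILES; do
        f="$webroot/$name"
        [ -f "$f" ] || continue
        owner=$(file_owner "$f")
        if [ "$owner" = "$web_user" ]; then
            # A compromised plugin runs as this user and could rewrite the file.
            echo "FAIL $f: owned by web server user '$web_user'"
            findings=$((findings + 1))
        elif [ "$owner" != "root" ]; then
            echo "WARN $f: owned by '$owner', expected root"
        fi
        # World-writable files can be modified by any local account,
        # whoever owns them.
        if [ -n "$(find "$f" -prune -perm -002)" ]; then
            echo "FAIL $f: world-writable"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run the audit when a webroot is given on the command line.
[ "$#" -eq 0 ] || audit_wp_config "$@"
```

Run it as `sh audit.sh /path/to/webroot www-data`; the exit status is non-zero when any FAIL line is printed, so it can be used in a scheduled job.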

Watch out for the continuation of this article next Sunday. Don’t forget to leave your comments, questions and feedback. You can stay updated with my upcoming cybersecurity and Blockchain speaking events on

