Computing Magazine

How to Stop Hackers from Locking You Out of Your Own WordPress Site

Posted on the 08 March 2014 by Savita Singh @Compgeekblog

Many people find it extremely difficult to maintain a proper website on the internet but want an online presence. Blogging is a major part of the online world today and millions of people all over the world blog everyday using the internet. One of the best tools online that is available for individuals and businesses to maintain an online presence and reach potential viewers online is WordPress. WordPress is a free and an open source blogging tool and content management system – CMS tool online today. It was founded in 2003 and since then it has been used by millions of users that create their own web pages or WordPress website pages and can manage their online presence quite easily using their WordPress sites. Many people express their views or promote their businesses using WordPress today. Their WordPress sites become extremely important for them and it is vital that these WordPress websites remain secure. Sometimes hackers hack into these WordPress sites and change the password settings to lock the owners of the sites out. So what can you do to stop hackers from locking you out of your own WordPress site? The following are some ways that will make your WordPress site more secure against the hackers:

How to Be More Secure On WordPress:

Password and Login Name:

A WordPress account is protected by a password which only the owner of the site should know. While choosing a password one has to be very careful. It is very easy for hackers to crack a password if it is an easy one like the site owner’s birthday or names or anything that is widely known about the owner. A long password of minimum 15 characters is more secure than a shorter password. Use an alphanumeric combination in the password as it is more effective and use capital letters, lowercase and numbers that are not easy to guess. Another way to make sure that the security of the site is not threatened is by changing the login name that is given as a “default admin user” name to the users at the time when the WordPress site is started. The default login name is easy to access for the hackers so change the login name and use some other random login name instead.

Site Should Be Clean and Updated

The WordPress site should not be chaotic but clean and tidy. This means that keep the plug-ins and themes on the site that are in use and delete anything on the site that is not in use for a while. Ignoring the website for a while and making it outdated in the process helps the hackers hack the website. Separate the in-production websites and the live websites on different servers. WordPress releases regular updates that fix bugs in the site and make the site stronger against hackers. Keep the WordPress website up to date so that it is stronger in dealing with hackers. The plug-ins and themes should also be up to date and if you have VPS or a dedicated server it should be up to date.

Malware & Brute Force Attacks

Malware is extremely dangerous for your WordPress website and one has to protect the WordPress website from such Malware that is a huge threat on the internet today. A proper protection against malware has to be set up by a WordPress user to protect the site from malware. There are a variety of such anti-malware and malware protection solutions available, some free while others have a subscription price. Anti-malware solutions like WordFence and Sucuri are ideal solutions to protect WordPress websites from malware. Malware has to be detected and then immediately cleaned up from the website so that there are no further problems with the website because of the malware. Another problem for WordPress websites online is brute force attacks. Everyday there are many attempts to hack a website on WordPress by hackers. These attempts to hack the website if successful can be potentially dangerous and even if hackers do not manage to hack the website the continuous attempts to hack the website can put serious strain on server resources. “Limited Login Attempts” is a plug-in that restricts login attempts and helps lock out the hacker after a few attempts.

Hosting Provider

A shared hosting option is always much more dangerous than a dedicated server for hosting the website or having a VPS. When a shared hosting platform is used there are many other websites that are using the same server and this is potentially dangerous. The problem is that dedicated server costs a lot of money and is difficult to manage. The solution to this problem is “managed WordPress hosting”. It provides better security and management of the website as compared to shared hosting and some of the best managed WordPress hosting platforms are WP Engine, Pagely and Synthesis.

Control Important Information and Backup Your Site

It is important that users check their phpinfo.php and i.php files as these can give access and directions to hackers to the websites. The backups created for the site should also not be stored on the servers which can easily be accessed by hackers. Another way to protect your site and information from hackers is by “disabling directory browsing”. A good idea is not to store passwords in FileZilla as it can be easily accessed by the hackers. Backing up the site by using backup tools like BackupBuddy and VaultPress is a great idea. This way even if the hackers manage to hack the site and lock you out, you have all the content and information to restore the site without the changes made by the hackers. Back up the websites for atleast a few weeks and test the backup so that you are sure that all the information is with you.

WordPress sites are very useful for millions of users all over the world. As a WordPress user you need to stay vigilant, take preventive measures against hackers and other issues and also fix problems immediately so that hackers cannot access the sites and cause problems like locking you out of your own sites.


Back to Featured Articles on Logo Paperblog