Six WP Security Tips to Protect Your WordPress Site from Danger

When it comes to Content Management Systems, WordPress is by far the most popular anywhere in the world, with more than 70 million users. WordPress hosts over half the blogs that are found online, and it is used by some of the largest companies like NBC, CBS, CNN, etc. There are over 2.5 billion WordPress pages that are read by over 300 million people daily, while around 500,000 new posts and 400,000 comments are posted each day. Overall, 27% of the Internet is powered by WordPress.

There are no signs that the growth of WordPress is going to slow, but what is known is that as more users come on board, the security risk grows higher. It is the responsibility of each user to make sure their site is as secure as possible. Let’s look at 6 WordPress security tips to protect your WordPress site from the danger of hacking.

#1 Stay Current – It is very important that you stay current and up to date with your WordPress site, including plugins and themes.

#2 Increase the Strength of Your Password – We hear a lot about strong passwords and yet we still create passwords that are weak and easy for hackers to obtain with automated software. Instead, create a password that is not a real word and uses lower case, upper case, symbols and numbers – this will give you a strong password that’s less likely to be hacked.

#3 Watch Your File Permission – You should keep an eye on your file permissions. You can set your file permissions with FileZilla.

#4 Use SSL Encryption – SSL Encryption is used to encrypt the data your blog sends out. This means that the data cannot be accessed as it leaves your router, which keeps account information secure. It makes the data difficult to intercept and difficult to decrypt. Usually you have to pay for SSL encryption but it’s worth the money. However, WordPress SSL encryption costs you nothing – you just need to add define('FORCE_SSL_ADMIN', true); to your wp-config.php file. This setting forces the login and admin pages over SSL, so your host must already serve the site over HTTPS.

#5 Use .htaccess – You will find the .htaccess file in your site’s root folder on the host, and it can be used to block certain IPs.

#6 Always Have a Backup – Regardless of how good your security is, there is always the risk of being hacked, even if it’s minimal, so you need to back up at least once a week. Back up your data daily and store it offsite, so that if you do find yourself hacked you will have a good backup to get back up and running.

Five Things You Can do to Secure Your WordPress Site

Making sure your WordPress site is secure from hackers is important. Being hacked is no laughing matter. It can result in a loss of all your data, the collection of your personal information and that of your customers or followers, and it can put you at risk financially. Let’s look at 5 things you can do to help secure your WordPress site.

#1 Fix Any Malware Issues
Find a way to clean up detected malware issues. It’s common for blog owners to underestimate the cost of being down related to security problems or the time it takes to deal with an issue. Sucuri is a good solution for removing malware.

#2 Choose a Host Provider
If you have your blog on a server that is shared, your security risk goes up tenfold. Consider the risk to your blog and then multiply that risk by the number of other sites and blogs on that server. That’s what your risk is. A dedicated server or VPS may be more than you can handle, but another good choice is WordPress hosting that’s managed. It’s certainly worth the cost as you get better security, better support, a faster site and automatic backups.

#3 It’s Time to do Some Site Clean Up
You need to keep your blog nice and tidy. Remove old plugins you aren’t using. Delete themes you no longer use. Host websites that are in development on a different server than websites that are live.

#4 Control Sensitive Data
When you are doing your site clean up, make sure you aren’t leaving behind any sensitive data for the world to be able to gain access to. Check all of your PHP files, because these are like road maps to your site setup and give a hacker all of the information they need to ‘bust in.’

Don’t keep your backups on the server with your site files. That’s just encouraging a hacker to download them and use them to hack your website. Disable directory browsing to stop a hacker from seeing the blog’s folders.

Be careful when you are using the cPanel file manager and having it save copies of your important files temporarily. You are much better off using Secure File Transfer Protocol (SFTP).
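A quick audit for two of the points above, file permissions and backups left beside the site files, added here as an example and not taken from the original article. The function name audit and the suffix list are assumptions to adapt to your own setup:

```python
import os
import stat

# Assumed suffixes for backup and database dump files; adjust to your tooling.
BACKUP_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".sql", ".bak", ".old")


def audit(webroot):
    """Return sorted (relative path, finding) pairs for risky entries."""
    findings = []
    for folder, dirs, files in os.walk(webroot):
        for name in dirs + files:
            path = os.path.join(folder, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            rel = os.path.relpath(path, webroot)
            mode = stat.S_IMODE(info.st_mode)
            # Anyone with an account on a shared server can modify these.
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable (%o)" % mode))
            if not stat.S_ISREG(info.st_mode):
                continue
            # wp-config.php holds the database credentials.
            if name == "wp-config.php" and mode & stat.S_IROTH:
                findings.append((rel, "wp-config.php readable by all users"))
            # Backups under the web root can be downloaded by URL.
            if name.lower().endswith(BACKUP_SUFFIXES):
                findings.append((rel, "backup or dump inside the web root"))
    return sorted(findings)


if __name__ == "__main__":
    for rel, finding in audit("."):
        print(rel, "->", finding)
```

Run it from the folder that holds wp-config.php; an empty result means none of these three checks fired, not that the site is clean.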

#5 Don’t Let Your Guard Down
This might seem obvious, but it’s not always practiced. You need to be vigilant about staying on top of everything on your site. This will decrease the risk of being hacked.

Discover How Hackers Can Determine Your Password

We hear a lot about creating strong passwords. So while we are talking about passwords relating to your WordPress blog, the reality is that this applies to any site that you would be logging in to. Sadly, even with all the talk about passwords, many are still creating passwords that the hackers have no trouble breaking. So, let’s look at just how a hacker determines your password, because this could help you understand just what you need to do to create a strong password.

Sometimes the trouble is as simple as a user creating a password like 12345 or 54321 and thinking it is secure, but some people actually do try to create a good password and still find they have been hacked. That’s because hackers have gotten very smart at cracking passwords.

* Variations – The programs these hackers use allow them to try many variations. So simply placing a number or character at the end of your password will not make it any more secure.

* Tricks – Hackers know most of the same tricks you do for coming up with a password. They know that a person replaces certain letters with numbers or symbols. They know that a person replaces phrases, words or quotes. If you read about a trick to make your password stronger, remember the hackers likely also read about it and so will implement it in their hacking schemes.

* Predictable – You may think your password is random, but it likely isn’t. People are much more predictable than you might think, and the hackers will take advantage of that. If you think choosing a phrase from the Bible is safe, think again. If you think a phrase from a literature piece is safe, you’d be wrong. Hackers use dictionaries to find words that can be used as passwords, but they also use tools like YouTube or Wikipedia, to name just a couple, to discover the most common quotes and phrases, to learn what slang is currently popular, and even to find words that have been made up online.

* Password Breaches – Whenever hackers explore a volume of password data, they are able to get a better understanding of just how people arrive at their passwords that goes far beyond common words and phrases.

* Brute Force and Dictionary attack – A Brute Force Attack tries all possible combinations of passwords for a given character set, and a Dictionary Attack uses a list of common words used as passwords, trying them one by one until finding a match.
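The "Variations" and "Tricks" points above can be turned into a check you run before accepting a new password. This is an added example, not code from the original article: it undoes the usual letter swaps and strips digits or symbols from the ends, then looks the result up in a word list. The tiny word list and the function names are constructed for illustration.

```python
import re

# Constructed sample list; a real check would load a large dictionary
# plus passwords seen in public breach corpora.
WORDLIST = {"password", "dragon", "letmein", "sunshine", "welcome"}

# Character swaps that guessing tools undo automatically ("Tricks" above).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
EDGES = re.compile(r"^[^a-z]+|[^a-z]+$")  # digits/symbols at either end


def base_forms(password):
    """Return the plain words this password reduces to under common rules."""
    lowered = password.lower()
    unswapped = lowered.translate(LEET)
    return {lowered, unswapped, EDGES.sub("", lowered),
            EDGES.sub("", unswapped), EDGES.sub("", lowered).translate(LEET)}


def is_sequence(password):
    """True for runs such as 12345, 54321 or abcdef."""
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return len(password) > 2 and steps in ({1}, {-1})


def weakness(password):
    """Return why the password is guessable, or None if no rule fires."""
    if is_sequence(password.lower()):
        return "sequence"
    hits = sorted(base_forms(password) & WORDLIST)
    return "dictionary word: " + hits[0] if hits else None


if __name__ == "__main__":
    for candidate in ("12345", "P@ssw0rd1", "Dragon2024!", "vq7#Lm2!xR9tZp"):
        print(candidate, "->", weakness(candidate))
```

A result of None only means these few rules did not fire; it is not proof that the password is strong.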

Now that you have a better understanding of how hackers figure out your password, you’ll be able to create a stronger password.

Protect Your WordPress Website Against Security Breaches

If you have a WordPress site, it is very important that you take at least the basic steps to ensure you are secure from hackers. This isn’t really ‘news,’ after all this has been known for a long time, yet still many people do not stop and consider website security when they are creating their sites. They don’t do any reading on the topic because it’s too technical and just plain boring, and far too often people think it won’t happen to them. Therefore, they also don’t do anything to protect their blog or site. The good news is that in under 30 minutes you can improve your security and not spend a cent.

#1 Change the ‘Admin’ Username

The default login for WordPress is ‘admin.’ Trouble is most users just keep it that way, making it incredibly easy for hackers to figure out your user name. Now they are already half logged into your site. Change the ‘admin’ login into something new! Be sure to attribute your admin posts to your new user before deleting the admin user account.

#2 Create a Strong Password

Your WordPress is only as strong as your weakest link, and your password is often that weak link. Hackers use software that scrolls through hundreds of thousands of words looking for a match, which is why you should not be using a real word for your password. You should also not use a logical sequence of letters or numbers. So don’t use your pet’s name, your birthday, your phone number, etc. You can use a password generator to help you if you have trouble coming up with a strong password.

#3 Delete & Update

WordPress is known for being weak on security. The reality is WordPress is only insecure when the users do not keep it current. Any part of your website that isn’t running the latest version is always at risk of being hacked. Hackers are constantly looking for vulnerabilities and if you aren’t staying current you are at risk. So make sure you are running the most current version of WordPress, installed plugins and themes.

#4 Limit the Login Attempts

Install a plugin that will limit the number of times a person can try to log in before the site shuts them down. iThemes Security Pro lets you do this. When you limit the number of times one can try to access your site, you reduce the likelihood of being hacked.
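To see whether a limit like this is needed, or is working, you can count login attempts per address in the web server's access log. The script below is an added example, not the plugin's code and not from the original article; the log lines are constructed, and the threshold of 5 attempts in 5 minutes is an assumption, not a plugin default.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log (Apache common format, documentation IPs):
# six login POSTs in ten seconds from one address, normal traffic from others.
SAMPLE_LOG = "\n".join(
    ['203.0.113.7 - - [10/Mar/2024:10:00:%02d +0000] '
     '"POST /wp-login.php HTTP/1.1" 200 3120' % s for s in range(0, 12, 2)]
    + ['198.51.100.4 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
       '198.51.100.4 - - [10/Mar/2024:10:00:06 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120',
       '192.0.2.9 - - [10/Mar/2024:10:00:07 +0000] "GET /wp-login.php HTTP/1.1" 200 3120'])

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')


def noisy_login_sources(log_text, limit=5, window=timedelta(minutes=5)):
    """Return {ip: peak count} for addresses that sent more than `limit`
    POSTs to wp-login.php inside any `window`. Assumes each address's
    entries appear in time order, as they do in a normal access log."""
    recent = defaultdict(deque)
    flagged = {}
    for line in log_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        ip, stamp, method, path = match.groups()
        # Only form submissions count; loading the login page is a GET.
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:
            attempts.popleft()  # drop attempts that fell out of the window
        if len(attempts) > limit:
            flagged[ip] = max(flagged.get(ip, 0), len(attempts))
    return flagged


if __name__ == "__main__":
    print(noisy_login_sources(SAMPLE_LOG))
```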

That’s it – there’s plenty more so don’t stop after you’ve done these four things, but this is a great place to start.

Advertising Your Blog In Your Email Signature

If you have a blog that you are particularly proud of, and that you want to share with other people, there are a lot of free ways that you can get your blog noticed.

One of those ways is something that you do everyday, and that you may not even consider as a way to share your blog. Put the link to your blog in your email signature.

Chances are that you send out emails more often than you can count during the day. Each time you send out an email, you can advertise your blog by putting the address of your blog in your email’s signature.

It’s always a good idea to write something catchy like, “See what I am up to now”, or “Read the latest chapter of my Ebook here”, depending on what type of blog you have.

The thing to remember about putting an advertisement in your signature for your blog is to make it short, but eye-catching.

You want people to be interested enough to want to click on it, but you also don’t want to scare them off.

Just like it is with any advertisement, you want to give them just enough to be interested and take a closer look at what it is that you are advertising.

Think about what it is that your blog is about. What is really going to interest people about it and make them want to visit? That is what you should include in your signature, and that is what is going to get people to go to your blog.