Securing WordPress better…

Are you using WordPress for your website? It is one of the best CMSs out there as far as security goes. However, there are a number of simple "extra" things you can do yourself to make it even more secure.

Always Update

Whenever WordPress or a piece of software is updated, you should try to update your own installation as soon as you can. Most WordPress updates are done to improve the system, and this includes security. So when you see those immortal words "please update now" at the top when logged in, go ahead and do it… wait though, make sure you do a backup first!

Secure your Username

Create a secure username. Never use the terms admin, administrator, the site name, user or test as your login. These are too easy to guess, and since most attempts at attacking your site through the login and password are brute force attacks (see explanation below), avoiding them makes sense.

Also, if you are using the blog element of your WordPress installation, make sure that in your user profile you change the "display name publicly as…" option so that it is NOT your login name. This meta info usually appears after every post, so if it is not changed it just gives attackers the first part of your login credentials.
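To check both username rules across every account at once, here is an added example (not from the original post) that audits a user export. It assumes the CSV layout produced by WP-CLI's `wp user list --fields=user_login,display_name,roles --format=csv`; the sample rows, the site name and the function names are constructed for illustration.

```python
import csv
import io

# Logins the article says never to use; the site name is added per site.
WEAK_LOGINS = {"admin", "administrator", "user", "test"}

# Constructed sample in the CSV layout produced by:
#   wp user list --fields=user_login,display_name,roles --format=csv
SAMPLE_EXPORT = """user_login,display_name,roles
admin,Site Admin,administrator
castleblog,Castle Blog,editor
j.meadows-7,j.meadows-7,author
r.okafor-41,Rachel O.,editor
"""


def normalise(value):
    """Lower-case and keep only letters and digits, so 'Castle Blog' matches 'castleblog'."""
    return "".join(ch for ch in value.lower() if ch.isalnum())


def audit_users(export_text, site_name):
    """Return (login, problem) pairs for accounts that break the username advice."""
    weak = {normalise(w) for w in WEAK_LOGINS} | {normalise(site_name)}
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        login = row["user_login"].strip()
        display = row["display_name"].strip()
        if normalise(login) in weak:
            findings.append((login, "guessable login name"))
        # The display name usually appears with every post, so it must differ from the login.
        if normalise(display) == normalise(login):
            findings.append((login, "display name reveals login"))
    return findings


if __name__ == "__main__":
    for login, problem in audit_users(SAMPLE_EXPORT, site_name="Castle Blog"):
        print(f"{login}: {problem}")
```

Any account it reports needs either a new login or a different "display name publicly as…" setting in its profile.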

Complex Passwords

When people see the term complex passwords, they always think this means complicated keying such as: Dt123Fgn&* i.e. very hard to remember! However, this doesn't have to be the case. If your password is long, it can actually be a phrase (with capitals) that is easy for you to remember; just make it long! Why? For the same reason as above: most attacks come as a brute force attack, so it's just a series of guesses by software run by the attacker. Longer passwords are harder to guess. The keys used to create your password are irrelevant; the software can't tell if the password is an actual word. You could even potentially use the term "Longer passwords are Harder to guess" 🙂

Limit your admin access

If you have admin account access to your WordPress site, don't use it for stuff that can be done with a lower level of access. For example, create an editor account and use this to update entries on the pages or to add posts to your blogging area. This way the admin capabilities aren't "open" every time you are logged in, so an attacker can't piggyback in and access all of the important bits.