When you first create a website, or are in charge of one, one thing that you must take into consideration is website security. I found it quite surprising how many alerts I receive about someone brute-force attacking my website. Whilst it isn’t a massive concern for me, I’m amazed at how many websites have a weak password that can quite easily be guessed by a hacker.
I must receive at least 20 emails per day telling me that someone has failed to log into my admin account; often the admin account gets locked out so that they cannot keep trying different passwords.
Below are a few handy tips on how to keep your website secure.
1. Choosing a strong password
This might seem obvious, but it’s very surprising how many websites have weak, easily guessable passwords, which makes it extremely easy for hackers to get into them. If my website had a weak password, for sure it would have been hacked into 100 times over by now. Don’t use the same password for everything: all it takes is for one account to get compromised, and then the attacker has access not only to that account but also to your social media, website, email and possibly even your bank account, so choosing a different password for everything is really important. You can use a password vault such as LastPass, which keeps all your passwords together in a secure location that you can access whenever you need to.
2. Delete your admin account
This is another important point. The default administrator account is ‘admin’, so many hackers will try to guess the password of this account. However, they can’t try it if it isn’t there! Start by logging into your admin account and creating a new user, then give that user all the privileges of the admin account so that your new account can do everything. Then simply delete the admin account from your website. It’s something so simple that will stop a lot of people trying to brute-force your website, but it doesn’t seem to be a commonly used practice.
3. Change your wp-admin URL
Although I don’t do this myself, because my website has a registration and login function for its users, you can change the URL used to log into the backend of your site. The default login for a WordPress site is http://yoursite/wp-admin, so it’s easy for a hacker to find the admin login and try to get into the backend of your site. There are plugins that you can install to change this to something that’s much harder to find. Make sure to remember or note down the URL, though, or you might find yourself unable to get in and edit your site!
4. Security Plugins
Another great way to help with your website security is to install a plugin that will monitor your site for any unusual activity and report it to you so you can take precautions against it. I use Sucuri, which is free and will email you about all the activity on your website so you know what’s going on. It also has a way for you to block IPs, something I’ve had to do when I’ve noticed an IP trying to guess my password.
Those are just four of the ways you can keep your website secure, but there are a ton of other ways not mentioned here. Feel free to post any comments about what you would recommend; I might even learn a thing or two!