It is a terrible feeling the day you realize that your Wordpress blog security was compromised.  When you've been hacked, it is like getting punched in the stomach.  You've always heard how important it is to keep your site secure, but you never really paid attention. Passwords

Boom, you just learned the hard way.

Whether you know it or not, your site is constantly under attack.  There are malicious crawlers, bots, and scripts trying to poke holes into your site.  It might be happening right this second, and you'd never even know it until it is too late.

Here's some tips to keep your site secure.

Updates, updates, updates.

There's a reason that you see that band across the top of your Wordpress dashboard screaming at you to update.  Don't ignore it!  Virtually all Wordpress core updates come with some level of increased security.  The same goes for plugins.  When security flaws are discovered in Wordpress, the community is very quick to resolve them and push a new release.

Change your password regularly.

Yes, I agree.  Updating your passwords is a massive pain.  Keeping track of them all is ridiculously hard.  Unfortunately, it just needs to be done.  However, you need to go deeper than just your Wordpress dashboard password.  You should also change:

  • Email Password.  Remember, if I can get into your email, all I need to do is use the Wordpress "Forgot my password" feature to get into your blog.
  • Hosting Account Password. Why hack into your Wordpress account when I can just get right into your host?
  • Server Passwords.  If you are using your own servers and hosting provider, there's passwords for your database and FTP that need to be updated.

Take this stuff seriously.  Just look how bad it ended up for LinkedIn.

Try using a password generator to help you make a more secure password.  

Take the Offensive.

Be proactive and install some security enhancing plugins.  Here's a few we recommend.

Wordpress Backups.

This one isn't really a preventive measure.  It really is designed to help you quickly recover.  You need to be doing daily system wide backups.  If the worst happens, you will then be able to restore to relatively recent version of your site without major losses.

There are third-party vendors that will handle the work for you for a small fee.  Many hosting providers do this automatically, but do not assume.  Make sure you find out how long they store backups.

Comment