Your WordPress site security starts with you: Tips to protect your blog

Share on facebook
Share on linkedin
Share on twitter
Share on whatsapp
Share on email
Your Wordpress site security starts with you: Tips to protect your blog

Are you concerned about the security of your website or blog based on the WordPress content manager? This is a common headache for all our Premium web hosting customers, but if we know something at PlusPlus Hosting is that protection begins with you, so we are going to give you tips to protect yourself.

With over 15 years experience working in the technology area and Premium web hosting, managing thousands of accounts for our clients, we still learn more and more every day about human behavior in technology platforms. WordPress is the number one content manager in the world and therefore thousands of our users are turning to it to publish content for their websites.

Once installed the concerns about security begins. Something that you should understand when managing your website, whether through our Premium web hosting services or any other company, is that regardless of the protective measures the company takes or the hours spent recovering your website after an attack, the main defense starts with you.

Our support staff has served many customers and answered lots of questions, offered tutorials and gave advices on the subject. But usually, the biggest problem is always the same: creating passwords.

Now let’s start with some tips to better protect the integrity of your WordPress based website.

Select a complex Username and Password

A good password is useful, but so is selecting a good username for the administrator. No matter how good the security of a platform is, if your username and password match, things will get ugly.

This is an endemic disease on Internet, no matter whether for websites, email accounts or social networks, 90% of cases of attacks by hackers are related to low security passwords.

Earlier this year the website Gizmodo revealed the 25 most commonly used passwords on the Internet according to SplashData and the results are alarming with 123456 topping the list, followed by password, 12345, 12345678 and qwerty completing the top 5.

Similarly, the vast majority of WordPress site administrators leave the default username “admin”. That makes 50% easier the work of anyone who tries to attack your website. Moreover, passwords, as recommended elsewhere, must contain uppercase and lowercase letters, as well as special characters to increase their protection.

What is a complex password? One containing between 8 and 12 characters, an example would be this: *{H$7bIAVEJ!. Using complicated usernames and passwords, and changing them from time to time will greatly enhance the security of your website.

Change the wp-config.php route

Another layer of security you can add to your website is to move the location of the wp-config.php file, which is where the access credentials to MySQL database and WordPress keys reside, to a higher level, where it can not be accessed through the web. This will be explained in more detail on another occasion.

Additional HTTP protection in the administration section of WordPress

To add another layer of security, we recommend using the function of “Protecting folders” on cPanel, if you use this environment. By protecting this folder, you would be required to provide a username and password, which should not be the same as the cPanel or WordPress, as previously advised.

Restrict access via IP addresses

If your IP address is fixed, this is an excellent additional security layer, however, if your ISP gives you a dynamic IP, it will not help you. A WordPress administrator can access and edit the .htaccess file within “wp-admin” folder in your installation. With just a few lines of code in this file or in the root directory, you can block any attempt to access from IP addresses not allowed. We’ll delve into this on another time.

Using a Plugin protection

If you don’t have advanced technical knowledge, one of the hundreds of available plugins at WordPress can help you. A good option is “SiteGuard”, a plugin which includes several interesting options such as IP blocking, changing the path to the administrator, protection and blocking of failed login attemps, among others.

Consider your local environment

A very important consideration is to pay attention to your surroundings. You must consider the condition of the PC you use, where you use it and the people around you. Many of the non authorized access to your WordPress are due to the presence of Trojans or any other Malware on the PC you’re using and even people spying on your shoulder. It may seem obvious, but you’ll be surprised at the number of attacks that occur for this.

Use secure browsers

Using clean and safe browsers is always something you should consider. For example, do not access your WordPress administrator within a few minutes from browsing through a suspicious site. Using the Safe Browsing option on modern browsers is always recommended. Likewise, our Premium web hosting offers to install SSL certificates in your domain. Do not hesitate, this investment will save you a lot of headaches and it’s something that search engines encourages you to do.

Constantly update your WordPress

This may sound like an obvious advice, but many users overlook it. While WordPress is a platform with a proven track record, its developers actively review it and updated it. Among thousands of lines of code there are always some vulnerabilities and when detected, they are corrected. Keeping your WordPress, plugins and themes updated will give you peace of mind. If you don’t want to constantly update it manually, you can always enable automatic updates.

If you don’t use it, delete it

When WordPress is installed, it includes some default themes and plugins. If you are not using them, it’s better to remove them. First, because they take up space in your hosting and also can be a safety hazard if left alone for too long and, as explained above, not updated. If something is not necessary, better delete it and don’t take risks.

Remember, no matter the quality of your Premium web hosting platform or how secure WordPress is, security begins with you.


Share on facebook
Share on linkedin
Share on twitter
Share on whatsapp
Share on email

Table of Contents

Recent Posts

You May also be Interested

Avoid Your WordPress Sites Being Used For Phishing Or Spam

WordPress is the world’s most popular content management system (CMS) for a lot of very good reasons. You can setup a new WordPress site on a domain name very fast these days with the one click installation software that is available in cPanel with your premium web hosting service.

Using Your Domain Emails In The Gmail Interface

Do you have a Gmail account? How would you like to access email addresses for your domains via the Gmail interface? Gmail is very popular and there are millions of users. People like the Gmail interface and are happy to use it to access emails received to their Gmail email addresses.

How To Access A WordPress Installation With a Temporary Url

Many new customers ask us how they can test a WordPress installation that they have been hosting elsewhere and now they wish to move it to our Premium Hosting Services but how they can migrate, test the installation and have temporary wordpesss admin access in our system before point the domain definitely to our servers. They cannot figure out how to do this because WordPress installations are domain based.