I’ve noticed over the years that many WordPress blog sites have become prone to hacking, and eventually get shut down… which is a shame, as a lot of useful information gets lost along the way.
With just a small amount of work, WordPress can be made secure enough that you are highly unlikely to get your site hacked.
Change your default admin username
Admittedly, this should be done when you create your blog, as it’s very difficult to change later (it requires database changes). This is an effective method, as most brute-force hackers will assume a username of “admin” and then try a few obvious passwords to get admin access to your blog. By creating a default admin username that’s something like admin654, you make all the hacking attempts a complete waste of time for the hackers, as they need to guess both your username and password.
Use a complex password
This is something that’s been talked about by security experts for many years, yet it’s easy to do with just a bit of thought. Pick a well-known phrase that you know, e.g. Mary Had A Little Lamb, and that becomes a password like Mhall; then add a number that you know (e.g. you were born on 19 July: Mhall1907), and there you have it! You can mix this around, e.g. 1907Mhall, 19Mhall07, or 07MhAlL19.
Don’t get your web browser to “remember” your login details
I’ve been hit with this problem in the past: sooner or later, you will get infected with a virus/malware. It’s quite simple for the infecting software to get all the saved browser details (websites, usernames, and passwords), and then send them to someone who will hack every account you have… VERY dangerous. This applies to virtually every browser, as well as FTP clients like FileZilla. So what can you do instead? Use software like KeePass: it can store all your passwords, and you only need to remember one password to access KeePass. You gain security at the cost of the inconvenience of typing your KeePass password every time you need to log on to a website.
Update WordPress
Another obvious and simple step: at least once per month, log in to the WordPress admin panel, and make sure WordPress and all plugins/themes are fully updated. If you don’t update WordPress quickly, then your blog is at risk of an attacker using a flaw in the WordPress system to hack your website without even knowing your username/password!!!
Install a security plugin
For extra peace of mind, install a security plugin like “WordPress File Monitor Plus” and/or “Login Security Solution”.
Once you implement these systems, you will find that maintaining this security will only take a few minutes per month, so it’s a very worthwhile investment.