Posts Tagged ‘WordPress security best practices’

Protect Your WordPress Website From Hackers Online Training


Protect Your WordPress Website - FREE Online Training

This FREE online training contains valuable step-by-step instructions on how to:

  • Discover how to protect your WordPress website
  • Learn how to speed up your website
  • What plugins to choose - and why
  • Where to find them
  • How to install and configure them

Join me, Alun Richards, as I reveal the secrets of increasing your security against hackers.

Just click on the graphic or click here for immediate access to my online training.

 

 


WordPress Security Scan – 3 Fundamental WordPress Security Tips


Do you have a WordPress website and want to know what the major security vulnerabilities are? Do you know the three minimum viable steps towards WordPress security that every WordPress website owner should know? Ever had a WordPress security scan?

This article is about WordPress security and getting the maximum protection for the minimum outlay.

You're a WordPress website owner and you’re probably concerned about hacking – and who wouldn’t be? In this article I share vital tips you must know to be properly protected against hackers. To ensure your website is not hacked and that you don't lose everything, you need to read this article immediately and take your WordPress security to the next level.

WordPress Security Tip No. 1: Get the Free WordFence Plugin

Why is this important?

You need something to stop brute force attacks – the repetitive trying of different passwords over and over again. This is a very common tactic amongst hackers. The great thing is that you can protect against this sort of attack for free.

What is the tip?

The tip is to get hold of the WordFence plugin. WordFence does a number of things for you to improve your security, and one of them is to act against brute force attacks. It limits hackers guessing your password by locking them out after a number of failed attempts.

It also detects changes to your WordPress code, plugins or theme – which can be a sign of a malware attack. It monitors access attempts and the paid version even allows you to block specific countries and IP addresses which show signs of repeated hacking attempts.
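
To show what "locking them out after a number of failed attempts" means in practice, here is a small sketch added to this article. It is not WordFence's code; the threshold, window, lockout time and sample addresses are all assumptions made up for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                      # assumed threshold, not a WordFence default
WINDOW = timedelta(minutes=5)         # assumed counting window
LOCKOUT = timedelta(minutes=30)       # assumed lockout duration

class LoginLimiter:
    """Lock out an IP after MAX_FAILURES failed logins inside WINDOW."""

    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.locked_until = {}               # ip -> time the lockout ends

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, datetime.min) > now

    def attempt(self, ip, success, now):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "blocked"                 # the password is not even checked
        if success:
            self.failures.pop(ip, None)      # a good login clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > WINDOW:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT
            recent.clear()
        return "failed"

def replay(events):
    """Replay (timestamp, ip, success) tuples; return the outcome of each."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, ts) for ts, ip, ok in events]

# Constructed sample: one address guessing every 10 s, one owner who mistypes once.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [(T0 + timedelta(seconds=10 * i), "203.0.113.7", False) for i in range(7)]
SAMPLE += [(T0 + timedelta(seconds=5), "198.51.100.20", False),
           (T0 + timedelta(seconds=40), "198.51.100.20", True)]
SAMPLE.sort(key=lambda e: e[0])

if __name__ == "__main__":
    for (ts, ip, _), outcome in zip(SAMPLE, replay(SAMPLE)):
        print(ts.time(), ip, outcome)
```

The counter is kept per address and per time window, so slow guessing or guessing spread over many addresses stays under the threshold. That is why a lockout plugin goes together with the hard to guess usernames and passwords in Tip No. 2.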

How to implement WordFence

To implement WordFence, just go to the WordPress plugins site, search for the free WordFence plugin, download it and install it. You can even do this from within your WordPress site. Just go to the plugins tab, click ‘add new’ and search for Wordfence. When it shows up in the search results, click to install it.

This tip is priceless because …

For the outlay of precisely zero Dollars, Pounds or Euros you can protect your website against hackers. It’s not the whole solution, but as a zero-cost option, it’s one you should have in place.

WordPress Security Tip No. 2: Have Hard to Guess Usernames and Passwords

What is the tip?

This tip is simply to have hard to guess usernames and passwords for your WordPress backend. Yes, I know, am I really spending time sharing this with you? Yes I am, because it’s vital.

Why is it important?

This tip is important as it’s a security tip that won’t cost you anything, yet will pay dividends. And it’s the first thing a hacker may try to gain access to your site, as it’s the least amount of effort for them.

It’s frightening how many sites have an admin username of ‘admin’ and a password of ‘password’ or ‘test1234’ or even ‘12345678’. If you have a username and password this easy to guess you may as well have no security at all.

You may not see this as a problem, but as soon as you install WordFence, you’ll see just how many failed attempts at guessing your password you get every day.

So how do you implement this tip to get better WordPress security?

WordPress will generate a very hard to guess password for you – you just need to ask it to! And if you have an admin user called ‘admin’, set up another admin user with a harder to guess username, then delete the original one called admin.

WordPress Security Tip No. 3: Get Your Site a Robust Backup Plan

Why is this important?

No matter how good your security, a determined and skilled hacker can still get access to your site. Therefore you need a robust backup strategy so you can quickly and easily restore your site.

The alternative, once your site has been wiped out, is to rebuild your site from scratch, with all the cost, inconvenience and delays associated with that.

And this does happen, regrettably with increasing frequency.

What is the tip?

So whatever backup system you choose to use, you must have a reliable backup system in place. There are a number of systems around, but there will be one that suits your budget and needs.

How do you implement this tip to get better WordPress backup results?

For many people running WordPress, I now recommend VaultPress. It’s a backup system run by Automattic, the people who write WordPress itself. It’s robust, trusted and affordable.

Just search for VaultPress, select the option that’s right for you, and once VaultPress takes its first backup, you’ll be protected.

Vital Bonus Tip - Get a WordPress Security Scan!

Now that you've got the three important tips for WordPress backup success down, I'd like to invite you to get even MORE advanced help with my bonus tip.

What is my bonus tip?

Many hackers gain access to your site through an out of date copy of WordPress. Older copies of WordPress have been found to contain vulnerabilities that hackers exploit. When WordPress identifies these vulnerabilities, a new version is issued. And, as with all WordPress code, this update is free.

If however your WordPress is not updated to the latest version, you can be leaving an easy access door available for any hacker. Many of the recent hacks are due to out of date WordPress code.

What’s true of WordPress versions is also true of your theme. Your theme, if not at the latest level, can be a source of attacks.

And what’s true of WordPress and your theme is even more true of outdated plugins.

Keeping Everything Updated

The trouble is, keeping WordPress, your theme and all your plugins up to date is a considerable drain on your time. If you miss an update, your site can be vulnerable. And the longer you leave it, the more threat it poses.

Is there an answer?

In response to this problem, I offer a cost-effective service to ensure your WordPress website is up to date. I carry out a WordPress security scan of your website. That’s WordPress itself, your theme and all your plugins.

And I don't just do this once, I do it regularly. I actively monitor your site and take action to update any component that is out of date and hence a vulnerability.

Next Steps - WordPress Security Scan

If you're a WordPress website owner who wants to ensure you always have the latest version of WordPress, each plugin and theme then get my WP Maintenance Service - NOW!

Click Here For More information: http://wptrainingnow.com/blog/wp-maintenance


WordPress Security Practices – Thwarting The Hackers

Here's a short video on WordPress security practices. It covers what you can do to improve the security of your WordPress website. We all know that hacking is on the increase and you risk losing your entire site in a hack.

But is there really anything you can do to prevent a hacking attack? Watch my short video and decide for yourself!

WordPress Security Practices

Here is a summary of the actions YOU can take today to improve the security of your WordPress site.

  1. Keep WordPress up to date
  2. Keep your plugins and theme updated
  3. Avoid brute force attacks

Once you've watched the video, it may be obvious what your next steps are. In that case, just get those things implemented today, and harden the security of your site.

On the other hand, it may be that you need a little advice on the best way to go for you and your site. As WordPress security can be a complex issue, I'm happy to help you out.

If you'd like a no-obligation chat about the security of your site and how it can be improved, contact me, Alun Richards, here: http://wptrainingnow.com/blog/contact

 


WordPress Security Best Practices – How To Thwart The Hackers

You hear people talking about WordPress security best practices - but what are WordPress security best practices? What do they involve, and can you implement them yourself?

You may of course be worried about people getting into your WordPress site. You should be! This article lets you know the ways hackers normally hack your website so you can safeguard against them.

Fortunately computer hacking is not really like you see in the movies. Hackers don't typically plug in a fancy computer and run a bunch of numbers. Usually the way people get into your website is through an out-dated version of WordPress, out-dated plugins or themes with vulnerabilities, and easy to guess usernames and passwords.

Did you know that Al Gore's blog has been hacked and that CNN blogs have been hacked? These all happened because they used older versions of WordPress. But as soon as these high profile blogs were hacked, the creators of WordPress released a newer version that prevented these kinds of attacks.

WordPress Security Best Practices

The good news is that having good protection against hacking is more about putting best practice procedures into place rather than spending a fortune with a security consultant. So what is my advice regarding WordPress security best practices?

1. Keep WordPress Up To Date

One of the biggest vulnerabilities, as we've just seen, is with out of date copies of WordPress. That's why it's a very good idea just to keep your WordPress version up to date.

Usually when WordPress fix a problem, it's a small and obscure bug and you can upgrade to the latest version in just one click. In your WordPress dashboard, go to the updates area and it will tell you either that WordPress is up to date, or that it needs an upgrade. Click that button and you are good to go.

Incidentally, WordPress is not especially vulnerable to hacking; it's just that as it powers about 25% of the websites worldwide, a lot of people know a lot about it. And hackers in particular exploit the tiniest vulnerability again and again.

2. Keep Your Plugins Updated

It's no good having an up to date WordPress version if some of your plugins still contain those security holes. If you are really worried about it then do a few Google searches for the plugins you're using on your site and see if anyone has reported security holes or flaws with these plugins or themes.

A widely publicised security hole in the past was due to a WordPress plugin called TimThumb. This was a way to resize images in a theme so you could upload a picture or a logo to that theme. Unfortunately, the way that it resized that image allowed someone to gain access to the associated WordPress site.

If you happened to have one of those plugins or themes, all you had to do was a quick search and an update to the latest version of that plugin or theme, which fixed the issue. On very rare occasions some plugins are simply no longer updated, but if they aren't, a Google search will tell you that you are using an insecure plugin that has no updates, and in that case it's a good idea to stop using it and find an alternative.

3. Avoid Brute Force Attacks

Even with the most up to date WordPress and most up to date plugins, most hackers gain access to your WordPress by simply guessing your username and password. Trying common usernames and passwords repeatedly is called a brute force attack. For example, a hacker may simply try to log in using the username Admin and password Admin, or username Admin and password Test.

So if you have an admin user called admin, we need to correct that. What you should do is delete that Admin user after setting up a user account using (say) your first and last name, and a password containing letters and numbers that no one will ever guess.

One of the security plugins I recommend is WordFence. This forces you to choose a hard to guess password and allows computers that have made repeated attempts at guessing your username and password to be locked out.

WordPress Security Best Practices Summary

In this article I've covered some of the easy ways that hackers use to get into WordPress - and how you can protect yourself against them. In short, keep your version of WordPress up to date, and keep your plugins and themes up to date too. Google the names of the plugins you're planning on using to make sure that there are no vulnerabilities in them. And above all use hard to guess usernames and passwords in WordPress.

Just by doing this you are making your WordPress site harder to hack. And it may be that a hacker will turn his attention to a site that's easier to hack. If you'd like to know whether your WordPress site has vulnerabilities, just contact me for a no-obligation chat here: https://www.wptrainingnow.com/blog/contact/

 
