WordPress Security Plugin Mistakes – And How To Avoid Them
December 27th, 2015 Tags: WordPress Security Plugin mistakes
Posted in Essential WordPress Plugins Webinar, wordpress plugins, WordPress Security
Do you know the three biggest WordPress security plugin mistakes owners make that leave their websites wide open to attack by hackers? If you want to make your website secure and avoid the WordPress security plugin mistakes that stop most people dead in their tracks read this immediately because the killer mistakes and what to do instead are inside this article.
Mistake No.1: Not Keeping Your Plugins and Themes up to Date
What is the mistake?
The mistake here is simply not keeping your plugins and themes updated to the latest level. The same also applies to keeping your WordPress version up to date.
Why is it a mistake?
This is a huge mistake because you're not benefiting from the corrections that developers continually make to fix the security holes they discover in their code. And any vulnerabilities with WordPress, popular themes or plugins are quickly exploited by hackers.
What should you do instead?
Instead of leaving your plugins, themes and WordPress versions on old versions, simply update them when new versions are released. It's as simple as that. These days, most plugins, themes and the WordPress base code will prompt you to update them to the latest level when a new version is released. It's just a question of clicking on 'Update' in your WordPress Dashboard.
Mistake No.2: Not Creating Secure Passwords
What is the mistake?
The mistakes here are to first of all use 'Admin' as the administrator username and something like 'password' or 'test1234' as your password. This is just asking for trouble.
Why is it a mistake?
This is a mistake as the default username 'Admin' is consistently the most common username used by hackers to attack your site. They know that so many people do not change the default username, and so they already are 50% of the way into hacking your site. They now only need your password.
What should you do instead?
Instead of creating insecure usernames and passwords, you should always use a hard to guess administrator username and a secure password. Having a secure password is easy, as WordPress itself will generate one for you.
Now you just need a utility like LastPass or Roboform to store all your passwords securely so you don't forget them.
Mistake No.3: Not Using a Plugin That Stops Brute-force Attacks
What is the mistake?
The mistake here is to not select a security plugin that has a function that detects and blocks brute-force attacks. These are attacks where many tens (or hundreds) of passwords are attempted by the hacker in rapid succession.
Why is it a mistake?
Brute-force attacks are the most common type of hack that to which your website can be vulnerable. And they are fairly easy to prevent if you have the right tools.
What should you do instead?
Use a security plugin that stops brute-force attacks by locking out a user if they incorrectly attempt to login more than a set number of times. You may decide to set this limit at 10 failed logins. If you do, a hacker will be locked out and unable to access your site for a period of time.
Don't set this tool low, as if you get your password wrong 10 times (in this example), you too will be locked out! Although better security plugins will allow you to whitelist your own IP address.
Summary of WordPress Security Plugin Mistakes
Now that you know the top three WordPress security plugin mistakes and how to avoid them, I'd like to invite you to take your next success steps with free instant access to my "Essential WordPress Plugins Online Training."
If you're a WordPress site owner who wants to make your site hacker-proof then my "Essential WordPress Plugins Online Training" will help you to both speed your site AND make it secure!
Click Here For More: http://alunloves.it/plugins
CLICK HERE: Discover a New Solution To Keeping Your WordPress Site Up To Date
Comments are closed.