3 Tips For Securing Your WordPress Site

Posted in WordPress 3 months ago • Written by Jim Daniels • 11 Comments

Most people have a less than vigilant attitude when it comes to website security.

They think, “Hey, why would anyone want to hack my website anyway?”

Well, even if you don’t have much traffic or income at your site, you need to take steps to secure it.

That’s because most hacks are not personal in nature. They are done by bots and scripts designed to seek out and affect the largest number of websites possible.

These bots do not single out sites personally; they simply look for vulnerabilities and attack.

And yes, they have motives. In fact, there are lots of reasons for hacking even small mom and pop sites including…

1. To send spam from your server (that’ll get you blacklisted)
2. To install malicious code that spreads viruses to your visitors (so they can steal from them)
3. To add web pages that steal your search engine ranking
4. To steal your affiliate commissions
5. To steal your traffic

And the list goes on and on.

“Botnets” use hundreds of thousands of unique IP addresses (from compromised/hacked ‘Zombie’ computers across the world) to attack hosts across the globe, specifically targeting WP Blogs.

So how can you protect your site?

Well, at the very least you should take the following three steps:

1. UPDATE WORDPRESS REGULARLY

WordPress security holes are regularly addressed and fixed with each new version.

That is why it is important you always update WordPress to the latest version.

The older the version of WordPress you are using at your website, the more susceptible your site will be to attacks.

Luckily this is quite easy. WordPress introduced a new feature in 3.7 that performs updates automatically.

When you install WordPress simply choose to have updates performed automatically to patch security bugs and errors that have been found.

2. KEEP PLUGINS AND THEMES UPDATED

Bots love to target themes and plugins with security flaws.

One of my main sites was hacked a couple years ago due to a plugin with a security hole and I didn’t know they were stealing my traffic for months!

In fact, more than half of successful WordPress hacks are a result of security holes in themes and plugins.

That’s why it is important to pay attention to the plugins installed and activated on your website.

Always deactivate unused plugins and remove them.

Also be wary of plugins that have not been updated within a year or so and try to use only plugins that are updated regularly.

3. LIMIT LOGIN ATTEMPTS AND DON’T USE ADMIN OR THESE PASSWORDS:

Automated bots mainly target /wp-login.php and /wp-admin to try and get access using brute force.

That’s why you should limit login attempts via the plugin you can choose when installing WordPress.

And never use the hackers’ main username target for login attempts: the default username “admin”.

Change it to something else and delete the admin username.

Then choose a STRONG password.

The top passwords targeted include some fairly obvious ones, so make sure you’re not using something as weak as any of these:

admin
123456
666666
111111
12345678
qwerty
1234567
password
12345
123
123qwe
123admin
12345qwe
12369874
123123
1234qwer
1234abcd
123654
123qwe123qwe
123abc
3123qweasd
123abc123
12345qwert

If you are using one of these passwords then you may already be hacked and not know it!

Again, one of my main sites was hacked a couple years ago and I didn’t know they were stealing my traffic for months!
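
As an added example (not part of the original post, and not code from WordPress or any plugin), the Python script below scans web server access-log lines for the brute-force pattern described in tip 3: repeated POSTs to /wp-login.php, both from a single IP and spread thinly across many IPs the way a botnet does it. It assumes the Apache/Nginx combined log format and WordPress's default behaviour of answering a failed login with 200 and a successful one with a 302 redirect; the thresholds and the sample lines (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def _line(ip, hms, method="POST", path="/wp-login.php", status=200):
    """Build one constructed log line in combined format (sample data only)."""
    return (f'{ip} - - [08/Jul/2016:{hms} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1840 "-" "-"')

# Constructed sample: one noisy IP, twelve IPs with one failure each, one real login.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"11:00:{s:02d}") for s in range(0, 12, 2)]
    + [_line(f"198.51.100.{n}", f"11:10:{n:02d}") for n in range(1, 13)]
    + [_line("192.0.2.10", "11:20:00", status=302),
       _line("192.0.2.10", "11:20:05", method="GET", path="/wp-admin/")])

def login_posts(log_text):
    """Yield (ip, time) for every POST to /wp-login.php that was not a redirect."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?")[0] != "/wp-login.php" or m["status"] == "302":
            continue  # assumption: 302 means the login succeeded
        yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def detect(log_text, window_s=300, per_ip=5, site_wide=10):
    """Return (IPs over the per-IP limit, windows with a distributed attack)."""
    counts = defaultdict(lambda: defaultdict(int))  # window start -> ip -> failures
    for ip, ts in login_posts(log_text):
        counts[int(ts.timestamp()) // window_s * window_s][ip] += 1
    noisy, distributed = set(), []
    for start, by_ip in sorted(counts.items()):
        noisy |= {ip for ip, n in by_ip.items() if n >= per_ip}
        # Failures from IPs that a per-IP limit alone would never block.
        quiet = [n for n in by_ip.values() if n < per_ip]
        if sum(quiet) >= site_wide:
            when = datetime.fromtimestamp(start, timezone.utc).strftime("%H:%M")
            distributed.append((when, sum(quiet), len(quiet)))
    return noisy, distributed

if __name__ == "__main__":
    noisy_ips, spread = detect(SAMPLE_LOG)
    print("block or rate-limit:", sorted(noisy_ips))
    print("distributed windows (start, failures, distinct IPs):", spread)
```

A window reported as distributed is the case a per-IP login limit cannot stop, which is why the non-default username and strong password still matter.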

So again, the most important thing you can do right now is:

1. Keep WordPress updated regularly and automatically
2. Update plugins and themes regularly and automatically
3. Limit login attempts with the free plugin that comes with WordPress installs
4. Make sure you don’t use admin as your username and choose a super strong password
5. Consider getting this complete WordPress Security Plugin Suite to secure your blog now:

(You can also use those premium plugins to offer a high value service to your clients!)

11 Comments so far. Feel free to join this conversation.

  1. Morris Swinamer July 8, 2016 at 11:28 am - Reply

    Jim,

    I have been a subscriber of yours for years and absolutely look forward to each and every message/post.

    In my opinion, you are #1 because you keep putting out content designed to move everyone forward if they choose to follow your advice.

    Thanks again, Jim for leading by example!
    Can’t think of a better man to look up to!

    Morris
    PS. Picking up a new laptop this weekend so I can proudly put to use my recently purchased 1Click WP plugin.

    • Jim Daniels July 8, 2016 at 4:19 pm - Reply

      Hi Morris, I always enjoy hearing from long-time readers. Thanks so much for the kind words. Also, check your email as I just sent you a gift for commenting. Good luck with the new laptop and let me know how you make out with that 1-click affiliate site building plugin! I just built two more sites with it myself. 😉

    • Darren July 8, 2016 at 8:25 pm - Reply

      Hi Morris,

      I am looking for a new laptop. What type and specs did you buy?

  2. Tom July 8, 2016 at 11:58 am - Reply

    Most people don’t realize that their site has been hacked for more than 150 days.

    Also, all themes and plugins that are inactive should be deleted.
    You can always reinstall later, but delete if not in use.

  3. Darren July 8, 2016 at 8:24 pm - Reply

    Hi Jim,
    Thanks for the blog post. I am a long time subscriber of yours and read your posts more than any others. They are insightful and honest.
    I was getting spam posts a few years ago on an old site and even though I wasn’t earning anything off the site it was annoying and destroyed any credibility that I had.
    Cheers for now

  4. Al Conlee July 8, 2016 at 10:44 pm - Reply

    Jim, I have been keeping your emails now for about 20 years. I think it’s about time to start using them, and putting them to good use. I have always had cold feet, and felt blank minded when I sit at the computer. Now retired it’s going to be useful. Thanks for your patience and persistence.
    Al.

    • Jim Daniels July 10, 2016 at 9:42 am - Reply

      Hi Al, nice to hear from you. Wow, such a contrast — Kelley who posted below is brand new to my sites and you’ve been around 20 years! Just goes to show it is never too late to get started in online marketing. But you’re right — the real secret to success online (and offline) is to take action!

  5. Kelley T. July 9, 2016 at 12:55 pm - Reply

    I am new to your material and site having just purchased your ezWebbusiness builder package and am going through the material now.

    Great stuff- both the course and the article above!

    Thanks,

    Kelley T.

    • Jim Daniels July 10, 2016 at 9:34 am - Reply

      Thanks Kelley, I appreciate the kind words. Check your email, I just sent you a gift for taking time to post a comment here!

  6. Jim Jarvis July 10, 2016 at 5:51 pm - Reply

    I have been on your list for a long time.
    I always check out your thoughts on any
    thing I am contemplating buying or doing
    because I know that way I cannot go wrong.
    Thanks for all the info you have put out over
    the years..

    • Jim Daniels July 11, 2016 at 9:38 am - Reply

      Thanks Diamond Jim! Always nice to hear from you. 🙂
