Here’s 5 quick tips to help you secure your WordPress websites in less than 20 minutes. We look at ways to avoid hackers exploiting your WordPress and how-to protect your WordPress from brute force attacks by botnets.
1. Remove Inactive Themes & Plugins
Delete old themes and plugins you no longer use.
Hackers actively scan websites for particular themes or plugins with known exploits and security bugs. Inactive plugin and theme files are still accessible, so can leave your WordPress website vulnerable.
2. Update WordPress
Keeping your WordPress website up-to-date will make sure you have the very latest security patches and fixes for potential vulnerabilities.
It’s also worth regularly updating plugins and themes too. Just remember to always take a backup before updating.
3. Stop Using the Admin User
If you’re still using the default ‘admin’ username, create a new administrator user for yourself using a unique name and remove the default ‘admin’ user.
Hackers target the ‘admin’ user and will try to guess the admin password.
Changing the administrator user to anything other than ‘admin’ will mean these hacking attempts will fail.
4. Improve Password Security
Using strong passwords for your WordPress users will significantly reduce the chance of your WordPress password being cracked or guessed.
Add a password policy to your WordPress website by installing a plugin like WP Password Policy Manager. This plugin will make your WordPress users use complex passwords, force password changes and stop the reuse of old passwords.
Also try our 6 Tips For Better Password Security.
5. Protect Against Brute Force Attacks
Stop brute-force attacks on your WordPress websites by botnets in one easy step by installing the BruteProtect plugin.
BruteProtect blocks malicious bots and users from accessing your WordPress website.
It tracks login attempts. When there are too many failed attempts, BruteProtect logs and blocks that IP across the entire BruteProtect network of 238,685 WordPress websites.
Want more tips? Try Hardening WordPress via WordPress.org Codex.