One of the things you enjoy when you’re blogging on the Google-owned Blogger platform is security. With a strong password, 2-step authentication enabled and your blog email undisclosed, you definitely have a high degree of security. I wasn’t so security conscious while on Blogger, but things changed the moment I moved to WordPress. WordPress is quite cool with all the features Blogger lacks, but it also comes with plenty of security issues that can cost you your blog if they are overlooked when you pen test it. And if you’re asking, “what is penetration testing?” – then I’m about to give you the rundown.
I’m not saying that taking these measures protects your blog from getting hacked 100%; they only reduce the risk of someone taking advantage of the vulnerabilities.
The tips below are recommended for any WordPress user who isn’t yet aware of the risks:
1. Use a very strong password & never disclose it
I’m sure you’ve heard this a dozen times before, and you definitely know that using a password that can be easily guessed is pretty stupid. Never use a dictionary word, your phone number, a name or anything that can be guessed. Your password should be a combination of random characters consisting of letters, digits and symbols. Something like h&?iG_4rG.%# is a pretty strong password that can’t easily be cracked by a brute-force attack.
No matter how strong your password is, disclosing it to friends and relatives is enough to compromise it. Do not tell anyone your blog’s password, as that same person may later lock you out just for revenge, fun or something personal. Someone else who doesn’t like you that much might also get it from that person – think about it.
Having a password compromised can affect more than just your blog’s security – it can mean that your identity is at risk of theft. If your personal information is exposed to malicious eyes, a clever thief can take it.
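To make the rules above concrete, here is an added example (not from the original post) of a plain PHP check that encodes them: a minimum length, all four character classes, and no dictionary word at the core of the password. It also estimates the entropy of a password drawn from the character pool used, which is what makes brute force impractical; the word list is a constructed stand-in for a real dictionary file, and the minimum length is an assumed policy value.

```php
<?php
// Added example, not part of the original post: password-policy check
// following the post's rules plus an entropy estimate.

const MIN_LENGTH = 12; // assumed policy value

function password_report(string $password, array $wordlist): array {
    $lower  = (bool) preg_match('/[a-z]/', $password);
    $upper  = (bool) preg_match('/[A-Z]/', $password);
    $digit  = (bool) preg_match('/[0-9]/', $password);
    $symbol = (bool) preg_match('/[^A-Za-z0-9]/', $password);

    // Size of the pool an attacker must search per position (33 printable symbols).
    $pool   = ($lower ? 26 : 0) + ($upper ? 26 : 0) + ($digit ? 10 : 0) + ($symbol ? 33 : 0);
    $length = strlen($password);

    // Entropy in bits if every position were chosen uniformly from the pool.
    $bits = $pool > 0 ? $length * log($pool, 2) : 0.0;

    // Dictionary check: the password itself, or its letters with digits and
    // symbols stripped, matching a common word defeats the pool estimate.
    $core = strtolower(preg_replace('/[^A-Za-z]/', '', $password));
    $dictionaryHit = in_array(strtolower($password), $wordlist, true)
                  || in_array($core, $wordlist, true);

    $problems = [];
    if ($length < MIN_LENGTH) {
        $problems[] = 'shorter than ' . MIN_LENGTH . ' characters';
    }
    if (!($lower && $upper && $digit && $symbol)) {
        $problems[] = 'does not mix lower case, upper case, digits and symbols';
    }
    if ($dictionaryHit) {
        $problems[] = 'based on a dictionary word';
    }

    return [
        'length'       => $length,
        'classes'      => (int) $lower + (int) $upper + (int) $digit + (int) $symbol,
        'entropy_bits' => round($bits, 1),
        // A dictionary-based password falls to a wordlist, not to the keyspace.
        'expected_guesses' => $dictionaryHit ? count($wordlist) : pow(2, $bits - 1),
        'problems'     => $problems,
        'acceptable'   => $problems === [],
    ];
}

// Constructed word list; a real check would load a full dictionary.
$wordlist = ['password', 'sunshine', 'welcome', 'monkey', 'letmein'];

foreach (['h&?iG_4rG.%#', 'Sunshine123!', 'monkey'] as $candidate) {
    $r = password_report($candidate, $wordlist);
    printf("%-14s %2d chars, %d classes, %5.1f bits, acceptable=%-3s %s\n",
        $candidate, $r['length'], $r['classes'], $r['entropy_bits'],
        $r['acceptable'] ? 'yes' : 'no', implode('; ', $r['problems']));
}
```

The post's own example, h&?iG_4rG.%#, uses all four classes over 12 characters, so the estimate lands near 79 bits; "Sunshine123!" also has four classes but is rejected because its letters spell a dictionary word, which is why the class count alone is not a strength measure.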
2. Never use ADMIN as your default username
Someone needs your username and password to log in to your account, right? Most people keep the username ADMIN when installing WordPress, and this is a big security risk. Besides, there are bots all over the internet that try to gain access to WordPress installations using admin as the username.
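The following must-use plugin is an added example (not from the original post or from WordPress core) of how a site owner can act on this point: it warns on the dashboard while a user named admin still exists, logs every failed login with the attempted username and source IP so the bot traffic becomes visible, and, once the account is gone, rejects the username admin before any password check runs. It assumes the standard WordPress hooks `admin_notices`, `wp_login_failed` and `authenticate`, and that the file is placed in wp-content/mu-plugins/ so it loads automatically.

```php
<?php
/**
 * Plugin Name: Admin username check and failed-login log (added example)
 *
 * Not part of the original post or of WordPress itself. Copy into
 * wp-content/mu-plugins/ and it is loaded on every request.
 */

// 1. Warn administrators on the dashboard while a user called "admin" exists.
add_action('admin_notices', function () {
    if (!current_user_can('manage_options')) {
        return;
    }
    if (username_exists('admin')) {
        echo '<div class="notice notice-error"><p>'
           . 'A user named <code>admin</code> exists. Create a new administrator '
           . 'with a different username, then delete this one and reassign its posts.'
           . '</p></div>';
    }
});

// 2. Record every failed login with the attempted username and source IP in the
//    PHP error log, so brute-force runs against "admin" (or any other name) can be
//    counted or fed to a tool such as fail2ban.
add_action('wp_login_failed', function ($username) {
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    error_log(sprintf('wp-login-failed user="%s" ip=%s',
        sanitize_user((string) $username, true), $ip));
});

// 3. Once no "admin" account exists, refuse that username before WordPress
//    compares passwords (core's own check runs at priority 20, this at 5).
add_filter('authenticate', function ($user, $username) {
    if (strtolower((string) $username) === 'admin' && !username_exists('admin')) {
        return new WP_Error('no_admin_user', 'Login failed.');
    }
    return $user;
}, 5, 2);
```

The log line format is a constructed one; whatever format you pick, keep it stable so a log watcher can match it. The error message in step 3 is deliberately the same generic text a wrong password would produce, so a bot learns nothing about which usernames are real.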
3. Always update your WordPress software
When a WordPress update is released, you should know it’s to address a security issue or to introduce new features. Always update your WordPress installation as soon as possible especially if there’s a security bug in the version you’re using. Hackers often look for vulnerabilities in versions known to be susceptible to attacks.
However, you should back up your installation before upgrading, as something might go wrong.
4. Install security plugins
There are lots of security measures that should be taken, but most of these can’t be done manually unless you’re a real WordPress geek and wouldn’t mind breaking a few things. Installing security plugins can do more for you than you think. Your WordPress version should be hidden, error information should be removed from the login page, core update information should be hidden from non-admins, and there should be an index file in some of your WP installation directories, but trying to do these one after the other might take some time. Certain plugins are specially made to address these issues:
These plugins perform different functions and you should read about them to know more. However, I strongly recommend iThemes Security.
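For readers who do want to see what a security plugin does under the hood, here is an added example (not from the original post, from iThemes Security or from WordPress core) that implements the four measures listed in this section as a must-use plugin: hiding the WordPress version, replacing the login page's specific error with a generic one, hiding the core update nag from users who cannot apply updates, and dropping an index.php into the content directories so they cannot be listed. It assumes the standard WordPress hooks and helpers used below (`wp_generator`, `the_generator`, `login_errors`, `update_nag`, `wp_upload_dir()`, `get_theme_root()`) and that the file lives in wp-content/mu-plugins/.

```php
<?php
/**
 * Plugin Name: Hardening tweaks from section 4 (added example)
 *
 * Not part of the original post, iThemes Security or WordPress core.
 * Each block below implements one of the measures the section lists.
 */

// 1. Hide the WordPress version: drop the generator meta tag and feed element,
//    and strip the "?ver=<core version>" query string from enqueued assets.
remove_action('wp_head', 'wp_generator');
add_filter('the_generator', '__return_empty_string');
foreach (['script_loader_src', 'style_loader_src'] as $hook) {
    add_filter($hook, function ($src) {
        $src = (string) $src;
        return strpos($src, 'ver=' . get_bloginfo('version')) !== false
            ? remove_query_arg('ver', $src)
            : $src;
    });
}

// 2. Replace the login page's specific error ("invalid username" versus
//    "incorrect password") with one generic message, so a failed attempt
//    does not confirm which usernames exist.
add_filter('login_errors', function () {
    return 'Login failed. Check your username and password.';
});

// 3. Hide the "WordPress X is available" nag from users who cannot update core.
add_action('admin_init', function () {
    if (!current_user_can('update_core')) {
        remove_action('admin_notices', 'update_nag', 3);
        remove_action('network_admin_notices', 'update_nag', 3);
    }
});

// 4. Block directory listing with WordPress's own "Silence is golden" index.php
//    in the content, plugin, theme and upload directories. Returns the files it
//    created so a caller (or a log line) can report what changed.
function example_ensure_index_files(): array {
    $created = [];
    $dirs = [WP_CONTENT_DIR, WP_PLUGIN_DIR, get_theme_root(), wp_upload_dir()['basedir']];
    foreach ($dirs as $dir) {
        $index = rtrim($dir, '/') . '/index.php';
        if (is_dir($dir) && !file_exists($index)
            && file_put_contents($index, "<?php\n// Silence is golden.\n") !== false) {
            $created[] = $index;
        }
    }
    return $created;
}
add_action('admin_init', function () {
    if (current_user_can('manage_options')) {
        foreach (example_ensure_index_files() as $file) {
            error_log('created directory index file: ' . $file);
        }
    }
});
```

Two caveats worth knowing before copying this: the `login_errors` filter also covers the lost-password form, so its messages become generic too; and the index.php step only helps when the web server honours PHP files in those directories, so an `Options -Indexes` directive (Apache) or `autoindex off` (nginx) remains the more robust way to stop directory listings.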
5. Back up your database
Anything can go wrong at any time, and using all the security plugins in the world isn’t enough to secure your WordPress blog. You should back up your WordPress database and files on a regular basis so you can restore them if something goes wrong. There’s a plugin that does this easily and even backs up your files. The UpDraftPlus WordPress Backup Plugin backs up your database and files and sends the zipped file to you by email daily or weekly, depending on your settings.