Call your nearest office

Or ask us a question

Search our site

What are you looking for?

Contact us on 0845 504 8989

share

Over 20% of the web is now built on WordPress and this popularity makes it a common target for hackers. Read on for some simple useful tips to secure and harden your WordPress based website.

What’s the worst that can happen?

Whichever way you look at it your website is an extension of your business. It’s usually how your potential customers get their first impressions of your brand. Hacks can include defacing your website (and ransoming the fix !), causing visitors to download malicious code and sending out dodgy emails that look like they have come from you. All these things can harm your reputation.
Thankfully there are a few things you can do to protect your website:

Don’t use ‘admin’ as a username

This username is as common as it gets, and hackers know this. A technique called a brute force attack is used frequently and if they already know the username this makes it easier for them. We run security audits for many sites and the logs are filled with automated bots trying to log in using admin. As we don’t use ‘admin’ as a username we just ban them as its obvious they are up to no good.

If you are have admin as a username in WordPress the steps are simple to fix. Firstly create a new user with administration rights, then remove the user called admin.

Use strong passwords

The best passwords are complex ones. I realize these can be difficult to remember but the point is they are also more difficult to guess. Most users of WordPress will choose a weak password based on a dictionary word, and some even use the word ‘password’. Couple this with the weak ‘admin’ user mentioned previously and hackers could easily gain access to your site.

Thankfully, because of services like last pass, you can make your passwords as complex as you like, and you don’t need to remember them. Last pass has browser extensions and even mobile apps to auto fill the fields making logging into sites simple – and secure.

Keep word press up-to-date

WordPress sites often rely on plugins for functionality, and these plugins are usually updated regularly, not only for improvements but to close security holes. WordPress core is much the same. I have noticed a trend of websites being built and then left at the versions they went live with. You should check for updates regularly, set them to auto update, or get your favourite web developers to maintain the site when it goes live.

Security should be a regular routine for all WordPress site owners, and hopefully this post has given you some tips to start securing yours. There are of course many other (not so simple) steps you can take such as:

  • Blocking all but your own IP form accessing admin screens
  • Using ban rules on your server to block people who try and guess passwords/usernames
  • Enforce strong passwords for all users of your blog
  • Change the table prefix from wp_
  • Change the login URL from /wp-admin to something a little more secret
  • Add two-step authentication
  • Limit login attempts

Why make it easy for hackers when it is easy to protect your WordPress website. 

All sites we build come with security hardening as standard. We also offer WordPress maintenance services for managed updates to the CMS and plugins.

Be the first to comment

Our Partners

Companies we work with closely Find out more about our partners

Vacancies

IT Consultant

HW Technology are currently recruiting to expand our IT Support Team (full ...

See vacancy

Meet your team

To read more about us and view our profiles click below.

Meet your team

About Us

At HW Technology, we're proud of our history, values and clients. Why not find out more about us.

About HW Technology

Contact Us

If you'd like to get in touch with HW Technology simply use our contact form using the link below.

Contact HW Technology

Get in touch

Whatever issue or question you have, we’ve got the answer. If you want to get in touch then please complete our form.

HW Technology Chorley

Balmoral House,
Ackhurst Park,
Chorley,
PR7 1NY

HW Technology Exeter

3 Southernhay West,
Exeter,
EX1 1JG

 

Our addresses

HW Technology Chorley

Balmoral House,
Ackhurst Park,
Chorley,
PR7 1NY

Tel: 0845 504 8989

HW Technology Exeter

3 Southernhay West,
Exeter,
EX1 1JG

 

Tel: 0845 504 8989

Ask us a question!