If you’ve ever fallen victim to a WordPress hacker, you are familiar with the rage pulsating through your veins as you reassemble your digital things. If you haven’t, your future self will thank you for taking the precautions needed to prevent this from happening to you.
Default to Strength
The first thing you need to consider is the way you choose your username and password. Do not use “admin” for your username or your password. This is the default and hackers count on it. Ensure your password is unique and strong. Choose a username that is not your e-mail address. As much as it’s a pain to create new information, this is the weakest point of unauthorized entry and it’s worth the creativity.
WordPress uses “wp_” as the default prefix for all of its database table names. By leaving this at the default you allow malicious automated scripts to inject your database with gross stuff. When you’re installing WordPress, have a look in your wp-config file for
to something unique.
Put up another roadblock by password protecting your admin folder. You may consider this overkill but believe me, you are better safe than sorry, especially if you are being counted on to protect client sites. In your hosting panel or .htaccess file, set up folder protection and use a different username and password than your WordPress login info. You now have two locks on the door.
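To check an existing install against the table prefix and admin folder advice above, here is an added example script (not part of the original post). It assumes Apache with .htaccess enabled, the stock WordPress layout (wp-config.php in the site root, admin folder named wp-admin) and the standard `$table_prefix` setting; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: checks a WordPress directory for two defaults discussed above.
# Assumes Apache with .htaccess enabled and the stock layout
# (<root>/wp-config.php, <root>/wp-admin/).

# Print the value assigned to $table_prefix in wp-config.php (empty if absent).
wp_table_prefix() {
    awk -F"['\"]" '/^[ \t]*\$table_prefix[ \t]*=/ { print $2; exit }' \
        "$1/wp-config.php" 2>/dev/null
}

# Succeed if wp-admin/.htaccess turns on HTTP Basic auth and demands a login.
wp_admin_has_auth() {
    f="$1/wp-admin/.htaccess"
    [ -f "$f" ] || return 1
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$f" &&
        grep -Eiq '^[[:space:]]*AuthUserFile[[:space:]]+' "$f" &&
        grep -Eiq '^[[:space:]]*Require[[:space:]]+(valid-user|user[[:space:]])' "$f"
}

# Succeed if the password file sits under the web root; it belongs outside it.
htpasswd_in_webroot() {
    p=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' \
        "$1/wp-admin/.htaccess" 2>/dev/null)
    case "$p" in "$1"/*) return 0 ;; *) return 1 ;; esac
}

# Run all checks; the exit status is the number of findings (0 = clean).
wp_audit() {
    root=$1
    findings=0
    prefix=$(wp_table_prefix "$root")
    if [ -z "$prefix" ] || [ "$prefix" = "wp_" ]; then
        echo "FAIL: table prefix is default or unreadable: '$prefix'"
        findings=$((findings + 1))
    fi
    if ! wp_admin_has_auth "$root"; then
        echo "FAIL: wp-admin/.htaccess does not require a login"
        findings=$((findings + 1))
    elif htpasswd_in_webroot "$root"; then
        echo "FAIL: AuthUserFile is stored inside the web root"
        findings=$((findings + 1))
    fi
    echo "$findings finding(s) for $root"
    return "$findings"
}

if [ "$#" -gt 0 ]; then wp_audit "$1"; fi
```

Run it with the absolute path of the site root as its only argument; Basic auth sends the password with every request, so the second lock only holds if the admin folder is served over HTTPS.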
In addition to keeping all your plug-ins up to date, there is a trusty plug-in called WP Security Scan that will scan your install and recommend ways to tighten things up. It will help you hide your version of WordPress and take away any clues from your site’s metadata so that nosy people won’t even be able to pick up a CMS scent.
Keep your back up
Alas, if it can be built, it can be hacked. Always ensure you have a back-up and a plan for dealing with emergencies so you can get back up and running as quickly as possible.