The Niche Site Tools Podcast

Simple Security Tips For WordPress in 2018

01.22.2018 - By Chris


With high profile security incidents becoming more and more prevalent, it is essential for you to take some simple steps to protect yourself from hackers.

In today’s Podcast Episode and post, you will get several simple WordPress security tips from not just myself, but several community members that have either been hacked previously or have taken proactive steps to protect their sites.

Be sure to subscribe and listen to today’s Podcast Episode via one of the links above, for 2 additional bonus tips not mentioned below.

Simple WordPress Security Tips

Always Use Domain Privacy – If you don’t, you’ll not only get inundated with spam from people selling services, but you will also be subject to additional scams, phishing attempts and others trying to trick you into transferring your domains over to them.

For domain registrations, I recommend you keep them separate from your hosting account and I utilize and endorse NameCheap. They are my go-to choice for inexpensive registrations and just as importantly, consistent and inexpensive renewals. They provide free domain privacy when you register a new domain name.

Set Domains For AutoPay – This isn’t necessarily a security tip, but it was a good tip from a community member to avoid losing your important domain assets and prevent yourself from being subject to scammers.

People are always watching for expired domains and they can purchase your domain names if they expire and try to sell them back to you for highly inflated prices. At a minimum, stay on top of your domain renewals and be sure to renew them in advance to avoid being hijacked.

Change Your WordPress Login Account / Password – One thing I always recommend when installing WordPress is to not only make your password unique and highly secure for each of your websites, but also change the default account name from admin to something else.

When hackers attempt brute force login hacks on your website, they will most likely be trying the default admin account, since most people probably do not change it from the default.

Changing the default account is easy to do during the WordPress installation, but a little more difficult after the fact. There are some manual ways to do so, but I’d recommend using a plugin like Username Changer to make things easier. Then when you are done, just uninstall the plugin.

Also, be sure to have different accounts/passwords for each of your websites, and do not reuse a password that you use for other online accounts.

These days it is becoming more and more common for usernames and passwords to end up being released to hackers on the “dark web”. Some high-profile hacks of accounts and passwords include LinkedIn and Yahoo Mail.

When lists like that become public, hackers can attempt to connect your account/passwords with other sites such as financial sites and other assets you might have like websites and online businesses.

For that reason, I highly recommend you have a different username and password for each of your websites and keep them completely different from any other account/password like email, bank accounts, etc.

Always Install a Plugin That Limits Repeat Logins – Brute force login attacks are one of the most common ways people will attempt to hack your website. They will hit the login page of your website over and over, trying known or obvious login/password combinations.

A plugin which limits login attempts can block repeated attempts from the same source, in an effort to prevent login related hacks.

There are lots of different plugins out there that can help with this one.
