Countless sites work with WordPress software, and there are definitely a lot of reasons for that. WordPress is the most user-friendly CMS with developers, and you can basically do whatever you want with it. Unfortunately, this also has some disadvantages.
For example, if you do not change the default settings, hackers and some annoying users with a little too much curiosity can immediately find out where to log in to get access the administration area. In WordPress, you can type domain.com/wp-admin and it will take you directly to the login screen. At that point, it's just about trying to decipher your password. The most popular process used by hackers is pure force, which allows them to test several login combinations in a short period of time.
Give Time to Hackers
There are certain precautionary actions you can take to reduce the risk of your website being hacked.
Make a Backup of Your Website
Of course, this depends on how often your website is updated, but I would suggest at least one weekly backup. Several WordPress plugins can help you, but my favorite is BackupBuddy. BackupBuddy will cost you around $100, but it’s worth paying to restore your hacked website in five minutes.
If you're looking for a free alternative, you're in luck! Ready! Backup is a free add-on that allows you to create automatic backups, link them to FTP or Dropbox, and it restores your site quickly. I have not tried it yet, but most reviews have been positive so far.
Another option is UpdraftPlus. Which also has many positive reviews; however, it appears that the user interface is not as clear as it could be.
Limit Access Attempts
During a seminar program for Web designers, specialists stated that there is a small WordPress plugin called Boot Session Initiations, which allows you to reduce the number of botched login efforts made, and possibly ban an IP for a certain number of hours. Remember I talked about pure force attacks and the testing of several login combinations? Well, with this extra attack of brute force it will be much harder to achieve. The hacker needs many diverse proxies, since the add-in will still stop that IP address after a certain number of failed login attempts.
All options are customizable in this add-on. You can select how many failed login attempts are allowed, how long they will be blocked, and how many blocks will be needed to issue a temporary IP ban.
Do Not Use "Admin" As the Username
Most hackers try to get the password by trying to apply brute force to the administrator username. If you change your username to something else, it will immediately protect your website.
If you have already installed your website and have chosen "admin" as the username, do not worry. There is still a way to change it.
Create another Administrator User
The fastest way to do this is to register another user and then grant permission to the administrator. You can then log in with the new administrator user name and proceed with deleting the old "admin" username.
Change It via PHPMyAdmin
If you have many posts and pages assigned to your user and you do not want to reassign them, you can change your username via PHPMyAdmin. First ,log in to your cPanel and enter PHPMyAdmin. Select your WordPress database and go to the wp_users table. Click Edit next to your "admin" user and edit the user_login field with whatever you want it to be.
Avoid Easy Passwords
We know many people think, "Why would a hacker hack my website?" But these are the types of people who are more likely to be attacked. So, do not make it easy for hackers by selecting a password that is easy to guess. Avoid anything that has to do with your name, website name or other information publicly available about you. Also, always choose complex combinations of passwords.
Examples of strong passwords
Terrible OK Good
Password Brian1968! M "N (Ndzm @ 5Bh> Q5
briangriffin BrianG6819 x3ZG87} 4 ~ 5'E: m
admin GriffinB68 $ 5! # 4bbS9 [@nfLv]
brian * brian68griffin (* Hv3Zvq6r #} KJS
We know exactly what you must be thinking: how the heck am I going to remember those passwords? That’s a good question! I suggest using a password maintenance application like Dashlane. Yes, this opens up a potential risk if Dashlane is pirated; however, the chances of this happening are low. In addition, all data is heavily encrypted, so even if they are attacked, your passwords should be secure.
If you are the only person who uses your computer, you can also consider allowing your browser to remember your passwords, so you do not have to type them every time. In this case, make sure you have at least one correct password configured to log in to your computer.
If all else fails...
If taking all the preventive measures described above does not help, the next step would be to limit the IP addresses that are allowed to visit / wp-admin / section of your website. The easiest way to do this is to block all entries except your IP address with a .htaccess file.
Just create a simple text file in the / wp-admin / directory and rename it to .htaccess and insert the code inside it.
The first part of the code denies all access to the / wp-admin / directory except its IP address (xxxx), and the second part of the code allows access to the admin-ajax.php file, necessary for some arguments and add-ons they use that file. You can find more information about it on the WordPress Codex website.
About the Author
Hello, I am Che and I have been designing websites for over 12 years now for small businesses across the globe.
I have a real passion for helping small businesses achieve their online goals. I am a big believer in educating my clients so that they have the necessary skills to perform daily tasks on their web sites and online. All clients are provided with one on one training, and our training videos can be viewed on our website.
I started CheDesigns back in 2012 when I moved to Australia from the UK with my small but awesome family.
I believe that every small business, just like YOURS, should be able to have an online presence at a reasonable price, but with a website that will help generate leads and sales. I have spent enormous hours developing the perfect website platform that clients can easily use but that also helps gain them success online.
Even after CheDesigns builds your website we will still be here to answer any ongoing questions you might have.