WordPress Security

WordPress is an extremely powerful and robust web hosting platform and is used by most of websites hosted here.

WordPress sites can, however, be hacked if proper security measures are not in place.

Here are the basics of protecting your Word Press site from harm:

1. A strong password.

When your WordPress site was set up, you were given a password and user name that is extremely strong. Be sure to keep a copy of that password in a safe place.  If you change the password, make sure the new one is as long as the original, contains upper and lower case letters, numbers and at least one punctuation mark.  Do not use recognizable name or phrases. Also, if you are using the Premium Service, and/or are having Imogen making editing changes on your site, let her and me know the new password. Here is a useful method to create a powerful password and user name that can be easy for you to remember, without compromising it’s effectiveness.

2. A Word Press user name that is not “admin”.

WordPress originally required all sites to use admin as the user name and made it quite difficult to change that name.  Now other names are possible and I recommend a name with the same complexity as the password  (with the exception that no punctuation marks are allowed).  This will go a long way towards blocking hackers, and so-called “brute force” attacks. Changing “admin” to something else is widely recommended now by security experts. All new hosting accounts here now come with a very powerful user name.  If your current user name is admin, and you’d like to change it, contact me here and I’ll go over the options with you.  You can contact me here: AlexTechExpress.com/support

3. Back-ups of your website.

Backing up a WordPress site is considerably more complex that is the case with “old fashioned” .html sites.  All WordPress accounts hosted by me are backed up once a month by MyRepono for a total of 3 back-ups at no charge. Secondary back ups are also provided by ManageWP.com These back-ups are stored at locations different from the site itself and can be used for one-click re-install in case of a problem.  This is a feature that is not usually included with most web hosting plans. Having back-ups of your website means, in the unlikely event your site is hacked, that your website can easily be restored.

4. Temporary disabling of your site’s log-in page in the event of suspicious activity.

InMotionHosting, the company that hosts sites here is extremely knowledgeable and pro-active when it comes to security issues.  If there are a lot of log-in attempts on your site (a strong sign of a brute-force attack) the log-in page is temporarily disabled by their software – usually for 10 or 15 minutes. While this might at times be a temporary inconvenience, it is a very powerful way to safeguard your site.

5. Keeping WordPress and plug-ins up to date.

WordPress and most plug-ins make fairly frequent updates and it is important that you don’t let your site get too far behind their latest versions.  Doing so poses a security risk and if updates are left undone for a long time, it may become impossible to update your site. All WordPress sites hosted with me have WordPress itself, and all plug-ins, updated every week or so.

6. Keep your password and user name safe.

The best place to store a copy of these is on paper, kept in a safe place.  Be sure to
never sign in to your site while using a public Wi-Fi network unless you are using a Virtual Private Network (VPN) installed on your computer. (This is equally true for any secure log ins you do using Public Wi-FI – your email, for example.) The free version of Hotspot Shield
is a popular and well-regarded choice. Click here to read a New York Times article about Hotspot Shield

Image rights purchased from rf123.com