Tips to Secure Your WordPress Site Against Hackers

WordPress is an extremely powerful website platform that has been utilized by web developers over the past decade to build anything from blogs to e-commerce sites. In fact, the blog post you’re currently reading is built on WordPress – as many other sites that you probably visit each day. What’s also risen in the past decade are cyber attacks on WordPress sites, which can be alarming if your business depends on having a working site. Here are a few tips to keep your WordPress site secure.

Lock Down Your Admin Account
When you first signup for a WordPress account or you decide to self-host, your website is controlled by an administrator account. By default, the name of a WordPress administrator account is ‘admin.’ While this username is easy to remember when you want to log in, it also gives hackers half the information they need to hack your website. Start by changing the default ‘admin’ login to something different – think of a username that is easy to remember, but also not obvious such as your business name. In addition, be sure that your password is a strong alphanumeric combination and isn’t based on something easily guessable such as your birthday or a pet’s name.

Read More: Here Are the Most Common Passwords, Ranked

Keep Everything Up To Date
No matter what device or service you’re trying to protect, it’s essential that your WordPress site is updated regularly to combat security threats. Unfortunately, in a recent survey, it was found that almost half of all WordPress sites are not updated to the latest version. Don’t concern yourself with the momentary downtime to perform a critical update, many hosting companies now do automatic updates for you. If your hosting company doesn’t provide this service — don’t ignore notifications to update, it really is painless and only takes a few minutes.

Change Your Login Address
You can generally access the login of a WordPress site by typing in the website address and adding ‘/wp-admin/’ to the URL. For example, if Google was hosted on WordPress, you would head to ‘www.google.com/wp-admin/’ to gain access to their login prompt. By leaving this login address at the default value, you’ve basically shown hackers to the front door. Consider changing the default login to something more unique to keep hackers guessing. After all, if you knowingly give them access, can you blame them once they break in?