WordPress is probably the most well known piece of open source software available right now, and one of the great benefits of open source is that everyone can have it for free. Everyone. Yes, that includes hackers and people with less-than-honorable intentions. Which is why I’m going to show you 5 things you can (and should) do to help secure your WordPress installation.
1. Delete the default admin user
Anyone who has ever used WordPress knows that the default login is admin and that it comes with all the privileges. Changing this user ID to something else will help prevent hackers from walking in the backdoor of your website and making themselves at home.
2. Choose a strong password
While deleting the admin username will deter most garden variety hackers and ne’er do wells, there are some who will simply not stop there. Choosing a strong password will make it that much harder for hackers to gain access to your site. So, what makes up a strong password? Not using your dog’s name, for one. Nor thinking your birthdate in numerals is a secure password. Instead, try using an obscure combination of letters and numbers for your password; the more obscure the better. Just remember to write it down somewhere or store it somewhere safe that you’ll remember.
3. Always update WordPress
WordPress has an amazing team of developers and coders behind it. In addition to the new features that are included with each new release, the team also addresses a number of vulnerabilities with each release. Updating your WordPress site as soon as you can after a new version is released helps keep your site secure as well as up to date feature-wise.
4. Hide WordPress version
If, for some reason, you don’t have your WordPress site up to date, hiding your version number from hackers will at least not provide them with a menu of what they can do to your site. Being able to see what old version you’re running lets hackers know what vulnerabilities they can exploit to do their dirty work.
All you need to do to hide your version number from them is open your functions.php file in Appearance >> Editor (if you don’t have a functions.php file you can easily create one), and add this bit of code at the bottom of the page:
<?php remove_action('wp_head', 'wp_generator'); ?>
Don’t forget to save the page after you do this!!
5. Don’t use wp_ as the database table’s prefix
When you are setting up your WordPress site initially, the default setting for the database table prefix is wp_. This is one of the first things those people with bad intentions will look for because it is one of the most overlooked things people do when setting up their sites. Simply adding a couple of characters to the beginning of this (changing it to something like bgwp_) is enough to make hackers move along to the next thing.
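A way to check tips 1, 4 and 5 on your own site, as an added example that is not part of the original article: this Python sketch scans a page's HTML for version disclosure (the generator meta tag, plus the ?ver= parameter WordPress appends to enqueued assets, which the functions.php line does not remove), reads $table_prefix from wp-config.php text, and flags an admin login. The sample HTML, config text, logins and version string are constructed, and the class and function names are hypothetical.

```python
import re
from html.parser import HTMLParser

# Constructed sample inputs; the version string and names are made up.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 9.9.9" />
<link rel="stylesheet" href="/wp-includes/css/example.css?ver=9.9.9" />
</head><body></body></html>"""
SAMPLE_CONFIG = """<?php
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""

class LeakScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        # The tag that remove_action('wp_head', 'wp_generator') suppresses.
        if tag == "meta" and attr.get("name", "").lower() == "generator":
            self.leaks.append(("generator meta tag", attr.get("content", "")))
        # Enqueued assets get ?ver=..., which defaults to the WordPress
        # version when the asset declares none; tip 4 leaves it in place.
        for key in ("href", "src"):
            match = re.search(r"[?&]ver=([\w.\-]+)", attr.get(key, ""))
            if match:
                self.leaks.append(("asset ?ver= parameter", match.group(1)))

def version_leaks(html):
    scanner = LeakScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.leaks

def table_prefix(config_text):
    # Active (uncommented) assignment in wp-config.php text, or None.
    pattern = r"""^[ \t]*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;"""
    match = re.search(pattern, config_text, re.MULTILINE)
    return match.group(2) if match else None

def audit(html, config_text, logins):
    findings = [f"version disclosed via {w}: {v}" for w, v in version_leaks(html)]
    if table_prefix(config_text) == "wp_":
        findings.append("database tables use the default wp_ prefix")
    if any(login.lower() == "admin" for login in logins):
        findings.append("a user named admin exists")
    return findings
```

Calling audit(SAMPLE_HTML, SAMPLE_CONFIG, ["admin"]) returns one finding per issue; an empty list means none of the three checks fired on the input you gave it.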
6. Backup & Antivirus
It hopefully goes without saying, but installing a backup plugin and doing regular backups can make all the difference in the world if something does go wrong. The last thing you want to do is lose all your content and work if your site is taken down by a hacker. By doing regular, full backups and storing them off your site (Dropbox, Amazon cloud service, even your local computer) you make it much easier to bring your site back to where it was, quickly and easily. Another thing you should not forget is to install a website antivirus.