While this might not technically be a marketing post, most authors and small business run our websites off of WordPress these days. Our websites are important part of our marketing platforms. And should that platform get hacked or hijacked, it means time away from writing and sometimes money out of pocket to get it fixed.
Still, writers are not usually known for their love of technology. (Naturally, there are exceptions, like me.) We’ll leave the more complex security changes, like moving your WordPress install out of your root folder, to the techies.
For now, let’s look at the three easiest ways to safeguard your WordPress site in under five minutes.
1. Change your admin user name to something other than “admin.”
Hackers automatically target the admin account. Make it harder for malicious software to find a way into your account by changing it to something unique. While you can certainly make it your name (the biggest threat comes from software, not from an actual person), you might as well make it something that is not easily guessed. For this example, I’m going to use Jabba (in honor of my two sons who adore Star Wars.)
In order to change this, go to Users > Add New. Set up a new user named “jabba” with admin level permissions. Log out of admin and log back in with “jabba.” Now delete the user named “admin.” Depending on how your site is set up, you may be asked to transfer all your blog posts from “admin” to your new user name.
2. Make your password strong yet memorable.
Microsoft has a great post on how to create strong, complex passwords. A few ideas:
– Take a memorable sentence such as “I love WordPress.”
Compress it down to “ilovewordpress.”
Now change part of the sentence to symbols. It could be “1lovew0rdpress.” or “I<3wordpress.”
Add symbols, additional numbers, or capital letters in a way that will be memorable to you. “1<3WordPress2992.”
– Make a password out of the first and last letters of pet names, surrounding street names, or favorite book characters interspersed with random (or not so random) numbers
– DO NOT use family member names or birthdays, as these are the most common passwords and the most easily hacked. Remember, there is far more personal information about you and your family than you think.
3. Make sure you are using the most recent version of WordPress available.
Malware often trolls the internet for sites running outdated versions of WordPress in the hopes of exploiting security holes. For this reason, you should never list which version of WordPress you’re currently running. Most hosts (or your installer) will notify you when updates are available. Just don’t forget to back-up your site before you update. Sometimes chosen themes and plug-ins will not be compatible with the latest version… don’t want to break your site! (I speak from experience.)
**Bonus tip: Back up your site frequently. If you’re self-hosting, many host services will offer an automatic backup service as part of your monthly fee. Bluehost, for example, makes daily, weekly, and monthly backups of all data and databases in your account. However, it’s always good to schedule a manual backup before you make major changes.
Do you have any quick and easy tips for better protecting your site? Leave a comment below!