It is a terrible feeling the day you realize that your WordPress blog’s security was compromised. When you’ve been hacked, it is like getting punched in the stomach. You’ve always heard how important it is to keep your site secure, but you never really paid attention.
Boom, you just learned the hard way.
Whether you know it or not, your site is constantly under attack. There are malicious crawlers, bots, and scripts trying to poke holes into your site. It might be happening right this second, and you’d never even know it until it is too late.
Here are some tips to keep your site secure.
Updates, updates, updates.
There’s a reason that you see that band across the top of your WordPress dashboard screaming at you to update. Don’t ignore it! Virtually all WordPress core updates come with some level of increased security. The same goes for plugins. When security flaws are discovered in WordPress, the community is very quick to resolve them and push a new release.
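To check for pending plugin updates without opening the dashboard, here is an added example (not part of the original post) that reads the JSON produced by WP-CLI's `wp plugin list --format=json` and lists plugins that are behind. The plugin names and versions in the sample are constructed, and running it against a real site assumes WP-CLI is installed and on the PATH.

```python
import json
import subprocess

# Constructed sample of `wp plugin list --format=json` output (hypothetical plugins).
SAMPLE_PLUGINS = """[
  {"name": "example-seo", "status": "active", "update": "none",
   "version": "4.0", "update_version": ""},
  {"name": "example-forms", "status": "inactive", "update": "available",
   "version": "1.0", "update_version": "1.3"},
  {"name": "example-gallery", "status": "active", "update": "available",
   "version": "2.1", "update_version": "2.4"}
]"""


def pending_updates(plugin_json):
    """Return (name, status, installed, available) for plugins with an update."""
    rows = json.loads(plugin_json)
    stale = [r for r in rows if r.get("update") == "available"]
    # Active plugins run on every request, so list them first. Inactive ones
    # are still reported: their files stay on disk until the plugin is deleted.
    stale.sort(key=lambda r: (r.get("status") != "active", r["name"]))
    return [
        (r["name"], r.get("status"), r.get("version"), r.get("update_version", ""))
        for r in stale
    ]


def wp_cli_plugins(path):
    """Fetch the plugin list from the WordPress install at `path` via WP-CLI."""
    result = subprocess.run(
        ["wp", "plugin", "list", "--format=json", f"--path={path}"],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


if __name__ == "__main__":
    # Swap SAMPLE_PLUGINS for wp_cli_plugins("/path/to/site") on a real host.
    for name, status, installed, available in pending_updates(SAMPLE_PLUGINS):
        print(f"{name} ({status}): {installed} -> {available}")
```
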
Change your password regularly.
Yes, I agree. Updating your passwords is a massive pain. Keeping track of them all is ridiculously hard. Unfortunately, it just needs to be done. However, you need to go deeper than just your WordPress dashboard password. You should also change:
- Email Password. Remember, if I can get into your email, all I need to do is use the WordPress “Forgot my password” feature to get into your blog.
- Hosting Account Password. Why hack into your WordPress account when I can just get right into your host?
- Server Passwords. If you are using your own servers and hosting provider, there are passwords for your database and FTP that need to be updated.
Take this stuff seriously. Just look at how bad it ended up for LinkedIn.