29 Apr 2014 / by Sarah Lewis / in Doing it the Easy Way, Doing it the Right Way

Five minutes to a more secure WordPress site

There are many great plugins and guides to improve your WordPress site’s security, but if you don’t have the time to dig into those, there are a few things you can do in just a few minutes that will help.

Keep WordPress and plugins up-to-date

If you’re using managed WordPress hosting or a good backup solution, this is trivial in most cases. If you’re not, it may take longer than five minutes to remedy, but it’s certainly worth it (because right now, you’re pretty much issuing a written invitation to hackers).

Would you rather pay a little money and have someone handle this all for you? There are folks who do that!

You are the weakest link

The easiest way for a hacker to get into an up-to-date WordPress site is to (automatically) try a bajillion combinations of usernames and passwords to try and guess yours.

If your username is “admin” (the default), you’ve just made it way easier to guess.

Similarly, if you use a password with your name in it, a sequence of predictable numbers (123456, anyone?!), or a word that’s in the dictionary (even if you cleverly replace the “i”s with “1”s and the “e”s with “3”s!), you’re prime pickings.

Fortunately, the solution is easy: don’t use “admin” for your username, and do use a strong password. (I highly recommend LastPass for both generating good passwords and helping you remember them!)

If you have other people who log in to your site (whether they’re contributors or tech folks), install the Enforce Strong Password plugin (so even if they change the password you give them, they’ll still be using something sturdy). And definitely give them their own logins and don’t just hand out your personal password willy-nilly.
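As an added illustration (not code from the original post or from any of the plugins it names), here is a small Python check for the three weak-password patterns described above: personal names, predictable number runs, and dictionary words hidden behind swaps like "1" for "i" and "3" for "e". The word list, substitution table and function names are constructed for this example, and an empty result only means none of these three patterns matched, not that the password is strong.

```python
# Constructed sample word list; a real check would load a large dictionary
# or a list of breached passwords instead.
SAMPLE_WORDS = {"password", "welcome", "sunshine", "monkey", "dragon", "letmein"}

# Undo the character swaps the article mentions (1 for i, 3 for e) plus a few
# other common ones. This table is an assumption, not an exhaustive list.
LEET = str.maketrans({"1": "i", "3": "e", "0": "o", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def has_digit_run(pw, run=4):
    """True if pw holds `run` digits in a row that count up, count down or repeat."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if chunk.isascii() and chunk.isdigit():
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}, {0}):
                return True
    return False


def weak_password_reasons(password, personal=()):
    """Return the reasons a password matches the weak patterns in the article.

    `personal` holds strings tied to the owner (name, username, site name).
    """
    raw = password.lower()
    forms = (raw, raw.translate(LEET))  # as typed, and with swaps undone
    reasons = []
    if any(len(t) >= 3 and t.lower() in f for t in personal for f in forms):
        reasons.append("contains personal info")
    if has_digit_run(raw):
        reasons.append("predictable number sequence")
    if any(w in f for w in SAMPLE_WORDS for f in forms):
        reasons.append("dictionary word")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("123456", "Sunsh1n3!", "sarah2014", "v9#Lq2!xT7pw"):
        print(pw, "->", weak_password_reasons(pw, personal=["Sarah"]) or "no pattern matched")
```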

Don’t hang around for hackers

The last simple step is to install the Limit Login Attempts plugin. This helps prevent hackers from even trying those bajillion combinations of login information (though it’s not a substitute for having a decent username and good password!). Once they try to log in a handful of times (and fail), it locks them out from trying again.

What next?

The specifics depend on your site, but if you want to lock your site down further, you have options. Here are some I’ve recommended to other site owners:

Sarah builds websites and systems with equal ardor, and she’s at her happiest when waffling something unexpected. She’s anxiously awaiting solar freakin’ roadways and also transporters, and doesn’t much care for writing about herself in the third person.
