If a site asks you to login, then someone will try to hack it. WordPress is no exception. The good news is it’s really simple to make your site even more secure.
1. Strong Passwords
This should be a no brainer, but people continue to use simple passwords. I’ve seen major companies using horribly easy to guess passwords. WHY?!
Now you don’t need to go all crazy and make something you’ll never remember, just get creative. Like cowsEatingIceCream4fun! or I’mBrining$xyBack4u. Those passwords have a lot of characters, include a number, and a special character, however, chances are you can remember them. According to one of the password testing tools, the sexy one will take a computer 364 quintillion years to crack. That’s a long time!
2. Remove the admin user.
Every WordPress blog has an admin user by default. Not sure why. You’d think that WordPress would stop setting this up, but it still happens.
It’s really easy to remove too. Just create a new account in your blog and set it up as an administrator. Then log out and back in as that new user. Now delete the admin user and transfer all the posts to your new user. Done. Takes about a minute.
3. Limit the number of login attempts.
If a hacker is going to try to break into your site, they are going to try over and over and over again. You can actually limit login attempts with a number of different plugins. This plugin basically says that if someone fails to log in 4 times in a row, lock them out for 20 minutes. If they continue to try to fail, lock them out for a day.
Security on the internet is a big issue and unfortunately it’s taken too lightly. I’ll admit that some of my passwords are not very good, but I’m getting better. Having a password application like 1Password really helps. With this, I can create crazy passwords that I’ll never remember and let that app remember them all.
Take 10 minutes right now and remove your WordPress admin user, update your password, and install a login limiting plugin. Then you can rest easy knowing that you’ve made it harder to get hacked.