WordPress is a fantastic tool for creating websites and has plugins for almost anything. However, the default WordPress install is inherently insecure. Here is why:
- It powers 30% of all websites, so it is very popular, and that lends itself to being a popular hacking target
- Most WordPress websites retain the default URL setup, so your admin is known to be at yourdomainname/wp-admin
- Most site owners don’t change the default username of admin
So a hacker's bot can hit your login page constantly, looping through endless passwords until one works. This is called a brute force attack.
What can I do to secure my site?
Well, help is at hand. Let's look at 3 things you can easily do to make a hacker's job harder and prevent unauthorised access to your WordPress dashboard.
- Make sure you have an SSL certificate and that your website uses https
- Change the username to something random (not your name or the name of your organisation). See our article on how to change your WordPress admin username
- Install a security plugin. We recommend and use WordFence. See our article on how to set up WordFence