Secure your WordPress site in 3 steps

WordPress is a fantastic tool for creating websites and has plugins for almost anything. However the default WordPress install is inherently insecure. Here is why

  1. It powers 30% of all websites so it is very popular and that lends it self to being a popular hacking target
  2. Most WordPress websites retain the default url set up so your admin is known to be at yourdomainname/wp-admin
  3. Most site owners don’t change the default username of admin

So a hackers bot can hit your login page constantly looping through infinite passwords until they hit success. This is called a brute force attack.

What can I do to secure my site?

Well help is at hand. Lets look at 3 things you can easily do to make a hackers job harder and prevent unauthorised access to your WordPress dashboard.

  1. Make sure you have an SSL certificate and that your website uses https
  2. Change the username to something random (not your name or the name of your organisation). See our article on how to change your WordPress admin username
  3. Install a security plugin. We recommend and use WordFence. See our article on how to set up WordFence

Leave a Reply

Your email address will not be published.