Recent news had it, that thousands of WordPress sites with an administrator username set to ‘admin’ or ‘Admin’ were hacked via large scale brute force attacks. A majority of these attacks were dictionary based attacks that attempted to find the password for the username ‘admin’ by trying more than thousands, or sometimes million dictionary words.
Apart from such brute force attacks, a large number of WordPress sites also end up getting compromised due to the use of outdated WordPress core files, themes and plugins.
WordPress is the most popular blogging platform and content management system today. According to the survey website W3Techs, it powers more than 18% of all the websites on the internet. Being such a popular platform, it is a regular target for hackers who find and exploit security loopholes in the system.
If your company blog is hacked, you stand the risk of losing all the hard work and efforts you spent on designing, developing, and managing it. A hacked blog can suffer from loss of content, stolen user data, corrupt files, downtime, and a blow to your digital marketing strategy.
So how do you secure your blog from such attacks?
Here are some easy security measures you can take to keep your WordPress site safe:
1) Delete the ‘admin’ user
Hackers can easily find sites that use the default username ‘admin’. This gives them half the information to gain access to your blog. If your username is set to ‘admin’ make sure you change it immediately.
Step 2: Log out of your WordPress dashboard and then login again with the new user details.
Step 3: Go back to the Users section and delete the profile with username ‘admin’.
2) Delete all defaults
Hackers can easily find sites that have default WordPress content on the site. This content is used by hackers to locate WordPress sites and then hack into them.
Make sure you have deleted the default ‘Hello World’ post and the ‘Sample Page’ from your blog.
3) Use the latest version of WordPress
Running your blog on an outdated version of WordPress makes it vulnerable to attacks from hackers.
WordPress regularly rolls out newer versions of the software with improvements to the user interface, design, and most importantly, security updates.
Every time a newer version of WordPress is released, you will get a notification in the dashboard screen of your admin panel. Updating is just a one click process and you shouldn’t face any problems with this. But most importantly, before you update WordPress, make sure you take a back up of your blog.
4) Ensure theme and plug-in compatibility
Outdated themes and plug-ins open up another easy entry for hackers into your WordPress site.
Every time a WordPress update is released, it is necessary to ensure that the changes and updates are made to your theme files; to make them compatible with the latest version of WordPress. Also, ensure that all plug-ins on your website are updated.
5) Take a back up of your database
It is very important to take a back up of your blog on a timely basis. This can be done either manually or by using a plug-in like WP-DB- Backup. Even if you follow all the necessary security measures, you can never be assured of 100% security. But knowing that you have a back up of your entire blog can keep you at ease.
6) Limit login attempts
Setting a limit to the number of times one can login to your blog from a particular IP is the best way to protect your site from brute force attacks. You can easily do this by installing a plug-in like Limit Login Attempts.
While these are just some basic security measures, there are several other technical modifications you can make to ensure higher levels of security.
WordPress is no doubt the best platform to build your website or company blog. It gives you the freedom and power to control the content and design of your website more easily than ever. But like Peter Parkar’s uncle in Spider Man said – ‘With great power comes great responsibility’, you need to take responsibility of the security of your blog!
And if it gets too difficult for you to mange, you can always hire the services of a digital marketing company or social media agency that has experts who can help you with designing and maintaining your blog as well as drafting out the right kind of content that will resonate with your target audience.
How do you manage your company blog? How many of the above security measures have you already taken? Share your experiences in the comments!
Abhishek is a part of the Ethinos search team and helps client with various search techniques.