We've talked about backing up your website in a prior post. Backups get you back on your feet after a break-in; the quick measures below make the break-in less likely in the first place. None of them costs money or takes more than a few minutes.
Here are some suggestions:
Always use an admin name other than “admin”
- When you initially install WordPress you can choose the username for the main admin account. Do not use the default “admin”; choose something original instead. Many brute force scripts (automated password-guessing scripts) simply assume the username is “admin” and hammer away at it. Let them make that false assumption and keep them out of your site! One caveat: this only stops the lazy scripts. WordPress will reveal a user's login name to anyone who asks (for example, the author archive for the first user ID redirects to a URL containing the username, and the REST API lists users who have published posts), so treat the non-default name as a speed bump, not as a secret, and pair it with the password and lockout advice below.
Use a Secure Password.
- I bet you've heard this one before. You shouldn't use the same password for all your websites and logins: when one site is breached, the attackers try the same email and password everywhere else. You also shouldn't have a simple password like your kid's or pet's name, which a stranger can pull from your social media in a minute. Make your passwords long (8 characters is the bare minimum; 12 or more is far better, and length does more for you than clever symbol substitutions), and use a combination of uppercase, lowercase, numbers and symbols. A password manager makes it painless to have a unique, random password for every site, so you never have to remember them.
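As an added example (not code from the original post), here is a small Python script that generates passwords meeting the policy above with a cryptographically secure random source, checks a given password against the policy, and estimates how many bits of guessing work a password of a given length and character set represents. The `entropy_bits` comparison is the point: a 16-character password made only of lowercase letters is harder to guess than an 8-character one that mixes all four classes. The 12-character minimum in `meets_policy` is my assumption, not a figure from the post.

```python
# Added example: password generation and policy check (not the post's own code).
# Uses the `secrets` module, which draws from the OS CSPRNG; never use `random`
# for passwords or tokens.
import math
import secrets
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = string.punctuation
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)          # 26 + 26 + 10 + 32 = 94 characters


def meets_policy(password: str, min_len: int = 12) -> bool:
    """True if the password is long enough and contains every character class.

    min_len=12 is an assumption for this example; the post's floor is 8.
    """
    if len(password) < min_len:
        return False
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length: int = 20) -> str:
    """Generate a random password that satisfies meets_policy at this length.

    Rejection sampling (regenerate until every class is present) keeps the
    characters independent, instead of forcing one char from each class into
    fixed positions, which would leak structure to a guesser.
    """
    if length < len(CLASSES):
        raise ValueError("length must allow one character from each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate, min_len=length):
            return candidate


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of guessing work for a uniformly random password: length * log2(N)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("generated:", generate_password(20))
    print("8 chars, 94-char alphabet:", round(entropy_bits(8, 94), 1), "bits")
    print("16 chars, lowercase only:", round(entropy_bits(16, 26), 1), "bits")
```

Run it a few times and you will see no two outputs alike; paste the generated value straight into your password manager rather than retyping it.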
Change Admin Passwords Occasionally.
- Change all admin-level passwords. I say occasionally because the schedule really depends on your business practices. For instance, if you outsource your WordPress maintenance or administration to different people all using your main admin account, you would be wise to change your password more frequently than if you are the only admin, and to change it the day any of those people stops working for you. Better still, give each person their own administrator account so you can revoke one login without disturbing the others.
Delete Unused Accounts.
- If you have any user accounts on your WordPress installation that you are not using anymore, be sure to remove them. A forgotten account with a weak or shared password is a door you are not watching. When you delete a user, WordPress asks whether to delete their posts or attribute them to another user; pick another user so you don't lose content.
Register Domains Elsewhere.
- If you need to move your websites because of problems with your host, you'll be glad to have your domain name registered with a different company. If the same company holds both your hosting and your domain, a billing dispute or an outage there can leave you unable to change anything. With the domain elsewhere, you simply point the nameservers at your registrar to your new hosting service and the site follows. (For example we get our domains at www.domaindiving.com and our hosting at www.hostgator.com.)
WordPress Security Plugins
Secure WordPress beefs up the security of your WordPress installation by removing error information from login pages (so a failed login doesn't tell the attacker whether the username or the password was wrong), adding an index.html to plugin directories (so the plugin list can't be browsed), hiding the WordPress version number and much more.
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range, even ones that present the correct password. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
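To make the lockout rule concrete, here is an added Python simulation of the policy described above, written for this post rather than taken from the Login LockDown plugin. It records failures per IP range, locks a range after 3 failures within 5 minutes for 1 hour (the plugin's stated defaults), rejects even a correct password while the lock holds, and offers a manual release like the plugin's Options panel. Treating an "IP range" as a /24 block for IPv4 (and /64 for IPv6), and the sample addresses, are my assumptions; the plugin's own grouping may differ.

```python
# Added example: a sliding-window login lockout in the style of Login LockDown.
# Not the plugin's code; grouping by /24 (IPv4) or /64 (IPv6) is an assumption.
from collections import defaultdict
import ipaddress

MAX_FAILURES = 3            # plugin default: 3 failed attempts ...
WINDOW_SECONDS = 5 * 60     # ... within 5 minutes ...
LOCKOUT_SECONDS = 60 * 60   # ... locks the range for 1 hour


def ip_range(ip: str) -> str:
    """Collapse an address to the block that shares one lockout counter."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


class LoginLockout:
    def __init__(self):
        self.failures = defaultdict(list)  # range -> timestamps of recent failures
        self.locked_until = {}             # range -> unix time the lock expires
        self.audit = []                    # (range, ip, ts) for every failure

    def is_locked(self, ip: str, now: int) -> bool:
        rng = ip_range(ip)
        until = self.locked_until.get(rng)
        if until is None:
            return False
        if now >= until:                   # lock expired; forget it
            del self.locked_until[rng]
            return False
        return True

    def record_failure(self, ip: str, now: int) -> bool:
        """Log a failure; return True if this one tripped the lock."""
        rng = ip_range(ip)
        self.audit.append((rng, ip, now))
        recent = [t for t in self.failures[rng] if now - t < WINDOW_SECONDS]
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self.locked_until[rng] = now + LOCKOUT_SECONDS
            self.failures[rng] = []
            return True
        self.failures[rng] = recent
        return False

    def attempt(self, ip: str, password_ok: bool, now: int) -> str:
        """Outcome of one login attempt: 'locked', 'ok' or 'failed'."""
        if self.is_locked(ip, now):
            return "locked"                # correct password is refused too
        if password_ok:
            return "ok"
        self.record_failure(ip, now)
        return "failed"

    def release(self, ip_or_range: str) -> bool:
        """Manual release by an administrator; True if something was unlocked."""
        rng = ip_or_range if "/" in ip_or_range else ip_range(ip_or_range)
        return self.locked_until.pop(rng, None) is not None


def simulate() -> list:
    """Constructed scenario: one /24 guesses three times, then gets the password right."""
    lock = LoginLockout()
    t0 = 1_700_000_000
    events = [
        ("203.0.113.10", False, t0),            # failure 1
        ("203.0.113.11", False, t0 + 30),       # failure 2, same /24 counts together
        ("203.0.113.12", False, t0 + 60),       # failure 3 -> range locked
        ("203.0.113.10", True, t0 + 90),        # right password, still locked
        ("198.51.100.7", True, t0 + 90),        # unrelated range is unaffected
        ("203.0.113.10", True, t0 + 90 + 3600), # lock has expired -> ok
    ]
    return [lock.attempt(ip, ok, ts) for ip, ok, ts in events]


if __name__ == "__main__":
    print(simulate())
```

Two details worth noticing: the lock is checked before the password, which is what stops a guesser who happens to hit the right one on the third try, and the window only counts failures from the last five minutes, so three mistakes spread over an afternoon will not lock a legitimate user out.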