Securing Your WordPress Site

Lately there have been a lot of brute force attacks against WordPress and Joomla sites. While you can never fully secure your site so it cannot be hacked, you can make it difficult enough that the hackers move on. There are two WordPress plugins that I have used to help with this.

The first plugin I use is called Secure WordPress. It lets you change some of the settings on your WordPress site to keep users from finding out detailed information, such as your WordPress version, or whether it was the user name or the password that was incorrect on your login page. It can even hide some of your plugin directories so others cannot get a listing of the directory. It has many more features, and it is a good plugin if you want to secure your site a bit and make it harder for the hackers to get information.

Another great plugin is Simple Login Lockdown. This one really addresses some of the recent brute force password and login attacks. The plugin changes WordPress so you can limit how many bad login attempts can be made, and lock the login capability for a certain amount of time. By default the plugin will lock logins for an hour after five failed login attempts. This is great as it keeps bots from trying countless login combinations to hack your WordPress site. I consider this plugin a MUST HAVE for any WordPress site.
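The lockout policy described above (five failed logins, then a one-hour lock), replayed over a web server access log to see which attempts it would have rejected. This is an added example, not code from Simple Login Lockdown; it assumes failures are counted per client IP, that a successful login resets the count, and that a `POST` to `wp-login.php` answered with 200 is a failed login and 302 a successful one. The log lines are constructed.

```python
import re
from datetime import datetime, timedelta

MAX_FAILURES = 5                # from the article: five failed login attempts
LOCK_TIME = timedelta(hours=1)  # from the article: logins locked for an hour
LOGIN_POST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3}) ')

# Constructed sample access log (documentation IP ranges, not real traffic).
# Assumption: status 200 on a login POST = failed login, 302 = successful login.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Apr/2013:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [12/Apr/2013:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Apr/2013:10:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Apr/2013:11:00:06 +0000] "GET /wp-login.php HTTP/1.1" 200 2890
203.0.113.7 - - [12/Apr/2013:11:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
"""

def replay(log_text):
    """Replay login POSTs under the policy; return (blocked, locks, failures)."""
    failures = {}      # ip -> failed logins since the last success or lock
    locked_until = {}  # ip -> time at which the current lock expires
    blocked = {}       # ip -> attempts that arrived while the IP was locked
    locks = []         # (ip, time the lock was triggered)
    for line in log_text.splitlines():
        m = LOGIN_POST.match(line)
        if not m:
            continue  # not a login submission (e.g. a GET of the login form)
        ip, stamp, status = m.groups()
        now = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until:
            if now < locked_until[ip]:
                blocked[ip] = blocked.get(ip, 0) + 1
                continue  # rejected before any credentials are checked
            del locked_until[ip]  # the hour has passed, allow attempts again
        if status == "302":
            failures.pop(ip, None)  # a successful login resets the count
            continue
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= MAX_FAILURES:
            locked_until[ip] = now + LOCK_TIME
            locks.append((ip, now))
            failures[ip] = 0
    return blocked, locks, failures
```

Calling `replay(SAMPLE_LOG)` shows one lock triggered at 10:00:05 and two later attempts rejected; the user who mistyped once and then logged in is never locked.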

But there are a lot of things you can do beyond just plugins. If you are still using the default admin login, don't! You should delete or limit the admin login user ID in WordPress and set up one of your own, because hackers will try admin first. Also make sure to use a complicated password, or even a long gibberish password from a password tool like LastPass. Restricting pingbacks and changing your comment settings can also help limit the number of spam bots that try to comment on your site.