Of all the content management systems (CMS) in use today, WordPress is the most popular. Millions of people and businesses choose WordPress for good reason. It is an open-source CMS with a large and thriving community of developers from all over the world. It is because of this active community that WordPress has such an enormous offering of free and paid blog themes and plugins that allow anyone to create virtually any type of site.
However, there is a downside to this popularity. There are an enormous number of hackers who specialize in breaking into WordPress blogging sites. Hackers do their thing for a variety of reasons, none of which is good for your blog. The risk of your blog getting hacked can be significantly reduced by taking some simple precautions.
The first set of precautions is to not use the default username “admin” and to use a very strong password. The reason for doing this is that many hackers use automated software that patiently tries to log into your WordPress blog by using “admin” as the username and by making thousands of password guesses.
It would not take long for such a program to run through all the possibilities of a four-character password consisting of letters. Therefore, you should change the default username and make your password very long and complex, using all the characters on your keyboard. The max password length is over 30 characters. Use them all. There are plenty of available login scripts that you can use, so you don’t have to worry about memorizing your password.
The second set of precautions is to keep everything up to date. When a new revision of WordPress comes out, update your blog. Also keep your blog theme and all of your plugins updated to their latest versions. The reason for doing this is that many of these revisions contain security patches. The well-known security flaws of older versions of themes, plugins, and the WordPress CMS often get passed around the hacking community.
Next, you should make frequent manual backups of your blog because these will enable you to restore it should a hacker succeed in having his way with your site. Don’t rely on your hosting provider to do this because they typically use an automated process and only keep the latest backup. Should they make a backup right after your blog is hacked, then their backup is nothing more than a copy of the site in its hacked condition.
Finally, make use of the security plugins that are available from the WordPress community. There are many types to choose from. Which of these is appropriate for you depends on your particular set of circumstances. Some of these plugins are based on limiting the number of login attempts while others allow you to specify which IP addresses are permitted access to your blog’s login page.
The methods used by these plugins are varied. Not all of these security plugins are created equal. When choosing a plugin, do your research. You can start by checking their user ratings. The more people who have contributed to the ratings, the more reliable the ratings are as a guide. A plugin with a high number of downloads is a safer bet than a relatively untested plugin with just a few downloads.
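To make the two plugin approaches mentioned above concrete (limiting login attempts and restricting the login page to chosen IP addresses), here is a small added example; it is not code from WordPress or from any particular plugin. The class and function names, the thresholds, and the sample events are all assumptions constructed for illustration.

```python
# Added illustration: constructed data, hypothetical names throughout.
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

MAX_FAILURES = 5        # failed logins tolerated per window (assumed value)
WINDOW = 300            # seconds over which failures are counted (assumed)
LOCKOUT = 900           # seconds an address stays blocked (assumed)

class LoginGuard:
    def __init__(self, allowlist=()):
        # An empty allowlist means any address may reach the login page.
        self.allow = [ip_network(n) for n in allowlist]
        self.failures = defaultdict(deque)   # ip -> times of recent failures
        self.locked_until = {}               # ip -> time the lockout expires

    def permitted(self, ip, now):
        """Decide whether a login attempt from ip may proceed at time now."""
        if self.allow and not any(ip_address(ip) in n for n in self.allow):
            return False
        return now >= self.locked_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Count a failed login; start a lockout once the limit is reached."""
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT
            recent.clear()

def replay(events, guard):
    """Feed (time, ip, password_ok) events through guard; return outcomes."""
    outcomes = []
    for now, ip, ok in events:
        if not guard.permitted(ip, now):
            outcomes.append("blocked")
        elif ok:
            guard.failures.pop(ip, None)     # successful login resets the count
            outcomes.append("ok")
        else:
            guard.record_failure(ip, now)
            outcomes.append("failed")
    return outcomes

# Constructed sample: one address guessing once per second, plus the owner.
GUESSER = [(t, "203.0.113.7", False) for t in range(8)]
OWNER = [(10, "198.51.100.20", True)]

if __name__ == "__main__":
    print(replay(GUESSER + OWNER, LoginGuard()))
```

With these settings the guessing address is cut off after its fifth failure while the owner's login from a different address still succeeds; passing an allowlist turns away every address outside it before a password is even checked.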