Trending
Publishing Tips
How To Secure Your WordPress Site – 7 Tips for Authors
Learn how to secure your WordPress site with this quick 7 point checkup
Many authors use a self-hosted WordPress site because of the promotional benefits it offers. But is yours secure?
WordPress is without a doubt the most popular blogging platform. It offers so many features, plugins, and functions that when it comes to serious blogging and book promotion, there is no better platform to use.
The advantages of being able to integrate social media sharing, add monetising options and most importantly, gain far more organic traffic from Google and Bing make the small investment in hosting fees, money well spent.
However, due to its popularity, poorly secured WordPress sites are also easy targets for hackers and scammers. Their aim is not necessarily to steal your information, but more likely to try to add or inject malware, adware or possibly viruses into your site.
Preventing this from happening is not difficult, but it does mean taking a few simple precautions. To enjoy all the benefits WordPress offers it is essential to take a few simple precautions to ensure that your site is safe from attack.
The following seven simple security tips will definitely save you a lot of heartaches.
1. Check your username
On a new installation, WordPress sets the default administrator username as ‘admin‘. The default username setting must be changed, and never used under any circumstances.
The way to change this is easy. Add a new administrator user, and select a new username and password. Once done, delete the user with the username ‘admin‘. Other usernames to avoid using are your name and your site’s name as they are too easy to guess.
2. Set a strong password
Your password is the number one defense against attack, so make it as strong as you can.
Ideally, longer than 8 characters, and it should include two non-alphabetic characters, numbers and an uppercase letter. It should not have sequences such as 1234 or abcd.
You should also change your password from time to time. Yes, I know it’s a pain, but changing your password every now and then is by far the best security measure you can take.
3. Remove the meta box widget
WordPress has a default meta widget that gives site visitors links to login and subscribe. Never use this widget on your site, as it is an open door invitation for hackers.
4. Don’t allow subscribers
Even though you can collect subscribers via your WordPress site, it is far safer to collect subscribers via an external email application such as Feedburner, MailChimp, Aweber or whichever service you choose.
This goes without saying of course. But if you need technical help with a plugin or theme, sometimes a developer may ask you for your login details. Be careful, and only do this if absolutely necessary.
If the occasion arises, however, it is worth changing your password after the problem has been resolved.
6. Add monitoring and protection
Wordfence is a popular WordPress security plugin that monitors and blocks unwanted intruders.
It is free and is installed on millions of sites. There is a premium version available, but for most site owners, the free version offers more than sufficient protection.
7. Back up your site files and database
There are many plugins that offer backups, and any of them are better than nothing. The most important aspect to consider when looking at ways to backup your site is that your backup files are not stored on your hosting server.
Many free plugins work like this and are not offering you much protection. If you have a problem or are hacked, your server will be where the problem occurs, so having your backups there is pointless, as you may not be able to access them.
Updraftplus as it has the facility to store your backup files on external sites such as Google Drive, Dropbox and Amazon S3, as well as many others. The free version offers basic file and database backups.
Again, there is a premium version that offers more functionality, and this is what I use as I have a number of sites to protect.
Summary
You don’t need to spend a cent to keep your WordPress site safe and secure. But the few minutes you take in checking or implementing the seven points I have listed here will be time very well invested in making sure that your site is as secure as possible.
Learn how to secure your WordPress site with this quick 7 point checkup
Many authors use a self-hosted WordPress site because of the promotional benefits it offers. But is yours secure?
WordPress is without a doubt the most popular blogging platform. It offers so many features, plugins, and functions that when it comes to serious blogging and book promotion, there is no better platform to use.
The advantages of being able to integrate social media sharing, add monetising options and most importantly, gain far more organic traffic from Google and Bing make the small investment in hosting fees, money well spent.
However, due to its popularity, poorly secured WordPress sites are also easy targets for hackers and scammers. Their aim is not necessarily to steal your information, but more likely to try to add or inject malware, adware or possibly viruses into your site.
Preventing this from happening is not difficult, but it does mean taking a few simple precautions. To enjoy all the benefits WordPress offers it is essential to take a few simple precautions to ensure that your site is safe from attack.
The following seven simple security tips will definitely save you a lot of heartaches.
1. Check your username
On a new installation, WordPress sets the default administrator username as ‘admin‘. The default username setting must be changed, and never used under any circumstances.
The way to change this is easy. Add a new administrator user, and select a new username and password. Once done, delete the user with the username ‘admin‘. Other usernames to avoid using are your name and your site’s name as they are too easy to guess.
2. Set a strong password
Your password is the number one defense against attack, so make it as strong as you can.
Ideally, longer than 8 characters, and it should include two non-alphabetic characters, numbers and an uppercase letter. It should not have sequences such as 1234 or abcd.
You should also change your password from time to time. Yes, I know it’s a pain, but changing your password every now and then is by far the best security measure you can take.
3. Remove the meta box widget
WordPress has a default meta widget that gives site visitors links to login and subscribe. Never use this widget on your site, as it is an open door invitation for hackers.
4. Don’t allow subscribers
Even though you can collect subscribers via your WordPress site, it is far safer to collect subscribers via an external email application such as Feedburner, MailChimp, Aweber or whichever service you choose.
This goes without saying of course. But if you need technical help with a plugin or theme, sometimes a developer may ask you for your login details. Be careful, and only do this if absolutely necessary.
If the occasion arises, however, it is worth changing your password after the problem has been resolved.
6. Add monitoring and protection
Wordfence is a popular WordPress security plugin that monitors and blocks unwanted intruders.
It is free and is installed on millions of sites. There is a premium version available, but for most site owners, the free version offers more than sufficient protection.
7. Back up your site files and database
There are many plugins that offer backups, and any of them are better than nothing. The most important aspect to consider when looking at ways to backup your site is that your backup files are not stored on your hosting server.
Many free plugins work like this and are not offering you much protection. If you have a problem or are hacked, your server will be where the problem occurs, so having your backups there is pointless, as you may not be able to access them.
Updraftplus as it has the facility to store your backup files on external sites such as Google Drive, Dropbox and Amazon S3, as well as many others. The free version offers basic file and database backups.
Again, there is a premium version that offers more functionality, and this is what I use as I have a number of sites to protect.
Summary
You don’t need to spend a cent to keep your WordPress site safe and secure. But the few minutes you take in checking or implementing the seven points I have listed here will be time very well invested in making sure that your site is as secure as possible.
It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using ‘Content here, content here’, making it look like readable English. Many desktop publishing packages and web page editors now use Lorem Ipsum as their default model text, and a search for ‘lorem ipsum’ will uncover many web sites still in their infancy.
It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using ‘Content here, content here’, making it look like readable English. Many desktop publishing packages and web page editors now use Lorem Ipsum as their default model text, and a search for ‘lorem ipsum’ will uncover many web sites still in their infancy.
The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using ‘Content here, content here’, making
The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using ‘Content here, content here’, making it look like readable English. Many desktop publishing packages and web page editors now use Lorem Ipsum as their default model text, and a search for ‘lorem ipsum’ will uncover many web sites still in their infancy.
