No one wants to wake up one morning and see that his or her website was hacked. You don’t want that, do you? Lost data, lost money, headaches and lots of time spent on recovering your website: that is not even the full list of the ‘pleasures’ that can hit you at literally any second, even while you are reading these lines.
You don’t need a technical background to secure your online assets with the tips and detailed step-by-step recommendations below.
How You Can Protect Your WP Website With Your Own Hands – Step-by-Step Instruction
– It’s time to protect my little blog from big hackers
Now we will show you how you can protect your WordPress website from hacking without spending a cent. It’s not difficult, as you’ll see, but it is still very effective, simply because most hackers (and their hacking scripts) target the least protected sites first. If you do the steps below, you will already put yourself above the majority of vulnerable sites.
The list below is in the prioritized order that I generally suggest for a person who is not very technical.
We will give you both recommendations and exact step-by-step instructions (tutorials) on how to harden your website.
Protection against hacking is all about risk. If you don’t follow any of the recommendations from this section, you put your website at great risk of being hacked. With each additional step that we describe here, you will reduce the risk of being hacked and/or reduce the headache and losses connected with recovery after a hacking attack.
1. The first line of your WordPress site’s security defense is the password
Before we give you exact recommendations on what password is secure enough, here is why we put the importance of a strong password before everything else: setting a secure password is the easiest, the cheapest and quite an efficient protection against hackers. But many people ignore it or are just unaware of this threat.
Here’s something interesting about passwords that people use.
You might think that every person is unique and that their thoughts and actions are unique. Well, it’s true, but only to some extent, because people have common patterns of behavior, which are exploited not only by marketers, but also by hackers. Do you want proof that people are as predictable as animals in a herd? Here we go.
Mark Burnett, a security consultant and researcher who specializes in MS Windows-based servers and networks, has been gathering passwords since 1999, and by 2011 he had collected more than 6 million passwords. He shares his observations and thoughts on password security in his book “Perfect Passwords”.
Here are some of the most interesting and shocking facts Mark shares with us after analyzing 2.5 million passwords from publicly available sources (as of March 2015):
0.5% of users use the password password;
0.4% use the passwords password or 123456;
0.9% use the passwords password, 123456 or 12345678;
1.6% use a password from the most popular 10 passwords;
1.4% use a password from the most popular 100 passwords;
9.7% use a password from the most popular 500 passwords;
13.2% use a password from the most popular 1,000 passwords;
30% use a password from the most popular 10,000 passwords.
The most popular 10,000 passwords are used by almost a third of all users!
So, are people really as unique as they think? Well, well. Only 1 person out of 555 people can be considered unique when using passwords!
Different versions of the lists of the most common passwords, such as the top 10,000, can easily be found on the web, so everyone, including hackers, can get to know the most popular passwords that so many people use.
Summary: Don’t assume that your password is unique (and therefore secure). In many cases it is not.
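The following check is an added example, not part of the original article: it tests a candidate password against a list of common passwords and goes one step further than the text by also catching trivial variations (capital letters, digits appended at the end, character swaps such as @ for a). COMMON_SAMPLE is a small constructed stand-in for a real top 10,000 list, and the function names are hypothetical.

```python
import re

# Constructed stand-in for a real top 10,000 list. The first three entries
# are the passwords named in the statistics above; the rest are sample values.
COMMON_SAMPLE = {"password", "123456", "12345678", "qwerty", "letmein", "dragon"}

# Character swaps people often use to "strengthen" a common word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def variants(password):
    """Yield the password plus the simplified forms that wordlist rules also cover."""
    lowered = password.lower()
    yield lowered
    # Drop trailing digits and punctuation: "Password2015!" -> "password".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    yield stripped
    # Undo the character swaps on both forms: "p@ssw0rd" -> "password".
    yield lowered.translate(LEET)
    yield stripped.translate(LEET)


def is_predictable(password, common=COMMON_SAMPLE):
    """Return True if the password, or a trivial variation of it, is on the list."""
    return any(v in common for v in variants(password) if v)


if __name__ == "__main__":
    for candidate in ["123456", "Password2015!", "P@ssw0rd", "vK9#tq2LmZ7x"]:
        verdict = "predictable" if is_predictable(candidate) else "not on the list"
        print(f"{candidate}: {verdict}")
```

A password that passes this check is only known to be absent from the sample list; it still has to be long and used on one site only.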
3. Backups. We should have put it first in this list
When it comes to safety, we believe nothing comes even close to having up-to-date backups of your online assets. Backups are the ultimate way to restore everything after a disaster caused by hackers or just by life itself. There aren’t many things that can improve your sleep better than having a recent backup.
This topic is worth a separate post. But for now, we can tell you that if you have a website and don’t use any backup service provided by your hosting provider or a third-party company, stop reading and go download a full backup of your website.
By the way, reliable hosting companies use internal backup systems even if they don’t offer daily downloadable backups for their clients.
Also, if you are going to make any serious changes on your website, e.g. update a plugin or install a new theme, it makes sense to have the most recent backup at hand, because according to Murphy’s law, anything that can go wrong will go wrong.
4. Keep WordPress core, themes and plugins updated
As we have already mentioned above in the section “What WordPress security issues you should be aware of”, hackers look for and exploit security vulnerabilities in WP, themes and plugins.
The predator-prey game is simple:
Predators (hackers) find the security holes in the software that you (prey) are using
Software developers need to patch the holes ASAP
You need to update your software ASAP
If you don’t update it, then hackers (or their bots) may find you and hack you
5. Use safe, reliable hosting
It’s debatable whether hosting belongs in 4th place in our list (hosting is a more important security factor in many ways). But anyway, let’s just go on.
Although nothing is 100% safe from hackers, some hosting services are safer than others.
If you use amateur, cheap hosting, then there’s a greater risk that the server itself can be hacked, not just your WordPress site. Also, many shared hosting plans don’t protect you from a hacker who has hacked another website (not yours, but someone else’s) on the same server and can use that loophole to hack your website more easily.