5 Simple Steps to Make Your WordPress Account Hack-Proof | GreatestFart

WordPress, the free and open source blogging tool and content management system everyone loves, is understandably popular. As of January, it was being used by 19.3 percent of all websites. It’s comparatively easy to use and flexible — and did we mention it’s free? The number of bloggers seems to increase exponentially by the day, and it seems like they’re all on WordPress.

That’s the good news. The bad news is that recent events have revealed that WordPress isn’t the most secure system. This past spring, a massive botnet hack hit tens of thousands of WordPress accounts.

WordPress users can take some steps to avoid becoming victims of this sort of attack. Here are five tips that can make using WordPress more secure.

• The default username “admin,” is the first thing hackers look for. No less an authority than Matt Mullenweg, WordPress’s founder, has said, “If you still use ‘admin’ as a username on your blog, change it.” You can choose a different username when you set up the account, or you can change it by taking the following steps: Create a unique account name with administrator privileges; log out and log in with your new original account name, and then delete the “admin” account.
  
  
• Strong passwords really help. Of course, you shouldn’t use anything obvious, like your birthday or your dog’s name, and you should use a different password for every account. Those things are given, but for even greater security, take it to the next level. A complex, random mix of letters and numbers may look unguessable, but many password experts suggest that length is more crucial than complexity. Use a password-strength checker if you’re not sure. And don’t answer those password reset questions about your mother’s maiden name or your first car truthfully; instead, come up with a response that’s easy for you to remember but hard for hackers to uncover.
  
  
• There are several security plug-ins you can use with WordPress, and some of them are free. Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin. Limit Login Attempts does exactly what it says it does, which helps deter the sort of brute-force attack that occurred last spring. Google Authenticator gives you two-factor authentication using the Google Authenticator app for smartphones. And Wordfence includes a firewall, anti-virus scanning, cellphone sign-in, malicious URL scanning, and live traffic including crawlers.
  
  
• Speaking of plugins, be sure to keep yours updated, along with themes and software. Keeping these components up-to-date will help keep you on top of bug fixes and improve security; hackers look for out-of-date plugins and themes they can exploit. And if you have unused themes or plugins installed, it’s best to delete them.
  
  
• Know your themes. There are some cool, flashy free themes out there, but be wary. “Free” is a red flag on the web, and those free themes could contain some malicious or unwanted code that will end up making them anything but free. WordPress offers a TAC (Theme Authenticity Checker) that can help sort out the bad stuff. Use it.
  

WordPress is a useful tool that’s made it possible for almost anyone to create a blog or website and get their message out there. It allows more voices to be heard than ever before. Unfortunately, the downside is that it can leave you vulnerable to hacking.

Hackers and their methods seem to grow more sophisticated with each passing day—but with a little common sense on the user end, you can maximize your chances of keeping them at bay.