When the subject is website safety – especially if the website is built on the WordPress platform – it really doesn’t take a seasoned Web developer to keep your blog safe from most hackers. It involves only a few simple steps and safeguards on your part to make sure that you don’t have problems in the future.
There are a few things you can do right now to begin the process of protecting your WP website: make sure all your WordPress usernames and passwords are strong, keep your email secure, use cPanel to block every IP address except your own from your admin backend, and install the Akismet anti-spam plugin.
You would be amazed at how many people use simple passwords such as their name, their pet’s name, or words like test or test1234 as the password to their WordPress blog. In fact, there are robots or spiders that comb the internet looking for websites whose passwords are these simple, guessable, hackable, stealable codes.
Instead of making it easy for the hackers, when you set up your WordPress account, don’t use Admin (or admin) as your username; use something non-standard, such as a nickname. Your password must be even more difficult to guess. Create your password with at least one number, one uppercase letter or even one punctuation character to ensure that no one can guess it. You can even use your own name as long as it is encoded as shown in this tutorial.
The next thing you should do is make sure that no one else has access to your email account. It does you no good to have a strong WordPress password but a weak email password, because someone can always gain access to your WordPress account by using the lost password tool. This means that if someone has access to your email account, they can use the lost password tool to reset your WordPress password, which will give them access to your website.
This means that you should secure your email, change your password regularly – or use a password creation code – and be very careful whose computer and whose wireless network you use to check that email.
Now here’s a great thing that any paranoid webmaster can do: using cPanel, you can block access to what’s called the WP-Admin folder in your WordPress site. Go to a site such as what is my IP.com and it will show you a series of numbers. This number is your IP address, which identifies you on the internet. You can block everyone on the internet from accessing your WP-Admin folder, your administrator dashboard, and then allow only your own IP address to access it.
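One way to write this restriction by hand, as an added example that is not part of the original article: the .htaccess rules below assume an Apache 2.4 server that honors authorization directives in .htaccess files, and 203.0.113.10 is a placeholder standing in for your own IP address. Two details are covered that the folder block alone misses: the WordPress login form (wp-login.php) lives in the site root, outside WP-Admin, and admin-ajax.php inside WP-Admin is requested by visitors' browsers on many sites.

```apache
# ---------------------------------------------------------------
# File 1: wp-admin/.htaccess  (inside the WP-Admin folder)
# ---------------------------------------------------------------
# Allow only your own address into the dashboard.
# 203.0.113.10 is a placeholder; replace it with the address
# shown by the IP lookup site. Add one "Require ip" line per
# additional location (office, second administrator).
<RequireAny>
    Require ip 203.0.113.10
</RequireAny>

# Many themes and plugins call admin-ajax.php from the public
# side of the site. Leave it reachable or those front-end
# features stop working for visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---------------------------------------------------------------
# File 2: .htaccess in the site root (next to wp-login.php)
# ---------------------------------------------------------------
# The login form is not inside WP-Admin, so restrict it
# separately with the same placeholder address.
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>

# Caveat: if your provider changes your IP address, you will be
# locked out of the dashboard until you update both files.
```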
This means that even if someone happens to have your WordPress password, even if you have a weak password, you are the only person who can log in to that backend. And finally, one thing that every blog owner who enables comments on their blog should do is use what is called the Akismet anti-spam plugin. It checks any new comments coming to your blog for spam.
If you don’t have a plugin like Akismet, your blog will at some point be flooded with thousands and thousands of spam comments, filling your site with all kinds of nasty links and garbage. Install the Akismet anti-spam plugin or turn off comments entirely, and that will help keep your blog from being spammed to death.
Those are some very simple tips to help secure your WordPress blog. Use strong passwords, secure your email, block all IP addresses except yours from WP-Admin in cPanel, and use the Akismet anti-spam plugin.