13 Ways to Protect your WordPress from Hackers and Attackers

It’s still a misconception that when you pay for a web domain and a hosting service, you’re set up in your own little private corner of the internet— as if you were buying physical property. But just like you are at risk of break-ins in your home or work, as the owner of a website you are also at risk of security breaches.

Did you know that 73% of all Americans have fallen victim to some type of cybercrime, and 47% have had their personal information exposed by hackers (Stopthehacker.com )? That’s a lot of Americans who have been victims of online security breaches.

Everyone is at risk— big corporations, small businesses, individuals, even governments. That became evident in the recent US election when Russians broke into both the DNC and the RNC. The FBI now considers cybercrime as one of its top priorities.

No one is immune to cybercrime. So as a website owner, you are responsible for keeping your site safe from hackers. This can seem like a very daunting task considering how skilled hackers are becoming. But there are still steps you can take to securing your site, particularly as a WordPress site owner.

Securing your WordPress Site

The following are some critical methods of securing your WordPress site from hackers:

1. Use email as login

An email address is far more secure than a username. Hackers have an easier time predicting usernames, whereas email IDs are more unique. In any case, every WordPress user account is always created with an email address that can be used to validate the login.

2. Set up website lockdown

Have you ever tried to log into an account where you couldn’t remember the correct user ID or password and then been locked out after too many failed attempts? It may be annoying when you’re on the receiving end of a lockdown, but this is an important measure for protection. Establishing a website lockdown for your site is a handy feature because it prevents brute force attempts. Not only is the intruder locked out, but you receive notification of the unauthorized activity.

There’s a plugin that can assist you with setting up lockdown measures for your site called iThemes Security. It allows you to set a limit on failed login attempts and then bans the intruder’s IP address.

3. Change your URL

Hackers have an easier time brute forcing their way into your system when they know the direct URL of your login page. The hacker will try to log in using their Guess Work Database (GWDb), which is full of millions of combinations of usernames and passwords.

Replacing the login URL prevents an unauthorized user from gaining access to the login page altogether. All you have to do is change “wp-login.php” to something more unique such as “login_now_admin.” This will remove the threat of almost all direct brute force attacks.

4. Make use of 2-factor authentication

This is becoming a popular method for protecting logins, and you may already have some familiarity with it for accounts like Google or your online banking site.

As the website owner, you decide which two login details a user must provide to log into their account— email address and phone number, password and security question, etc.

5. Keep WordPress up to date

As WordPress is an open source code, there are always improvements being made to remove bugs and fix security issues. It’s important that you stay on top of the latest version of WordPress by always updating when prompted. An un-updated site is a vulnerable site.

Click here ?to read the rest of the article.