By now I’m sure you’ve heard that there’s a massive attack going on against web host providers that have WordPress blogs on their servers. They say there are over 190,000 IP addresses involved in these attacks. That’s a lot of bots being used to attack the web hosts!
Many WordPress sites have been hacked into and ruined and/or destroyed. This is mainly due to easy to guess passwords and user IDs that people use. For instance, if you do a quick install of WP through your web host provider, you’ll more than likely have a user id of “admin” that you use when you login to your blog – right? And most folks use somewhat easy to guess passwords when creating their admin accounts. This all leads to an easily crackable blog!
So in order to help yourself and make your blog more secure you should change your admin account ASAP! How do you do that? Easy, just follow these steps:
- Login as “admin”‘
- Click on “Users” and create a new user following the steps below
- Choose an unusual username, one that you’ll easily remember (NOT “admin”)
- Make that user’s role an “administrator”
- Create a password that has upper and lower-case letters, numbers and at least 1 symbol in it. Remember to never use the word “password” or “wordpass” in your password – just don’t do it!
- Click on “Add new user”
- Log out as “admin”
- Login as the new user you just created
- Delete the old “admin” user account and assign all the “admin” posts-pages-comments to the new account that you are logged in with
- Walaa, your WordPress site is now much more secure
Another WP plugin that I’ve been using recently is called Wordfence. It’s a great “free” plugin. The official description of the plugin:
Wordfence is a robust and complete security system for WordPress. It protects your WordPress site from security threats and keeps you off Google’s SEO black-list by providing a firewall, brute force protection, continuous scanning and many other security enhancements.
Wordfence also detects if there are any security problems on your site or if there has been an intrusion and will alert you via email. Wordfence can also help repair hacked sites, even if you don’t have a backup of your site.
Powered by our Cloud Servers
Wordfence is not just a standalone plugin for WordPress. It is part of Feedjit Inc. and is powered by our cloud scanning servers based at our data center in Seattle, Washington in the USA. On these servers we keep an updated mirror of every version of WordPress ever released and every version of every plugin and theme ever released into the WordPress repository. That allows us to do an integrity check on your core files, plugins and themes. It also means that when we detect they have changed, we can show you the changes and we can give you the option to repair any corrupt files. Even if you don’t have a backup of that file.
Keeping you off Google’s SEO Black-List
We also maintain a real-time copy of the Google Safe Browsing list (the GSB) and use it to scan all your files, posts, pages and comments for dangerous URL’s. If you accidentally link to a URL on the GSB, your site is often black-listed by Google and removed from search results. The GSB is constantly changing, so constant scanning of all your content is needed to keep you safe and off Google’s SEO black-list.
Scans for back-doors, malware, viruses and other threats
Wordfence also maintains an updated threat and malware signature database which we use to scan your site for intrusions, malware, backdoors and more.
I found out about this plugin when I bought a site from an Internet Marketer. It was already installed and I love it! It sends me alerts whenever my site needs attention – like a plugin that needs updating, etc. You can even go and see who’s on your site “live” at that moment. I highly recommend getting the plugin and following their setup tour steps.
If you take these two steps I’ve outlined here (changing the admin account and adding the WordFence plugin), your site will be much more secure and almost hack-proof. And you’ll blog and sleep much more comfortably at night! 😉