Always back up your WordPress blog!
I’ve already done a post on how to back up and restore your WordPress blog, but this is seriously SO IMPORTANT that I need to remind everyone again! If your WordPress site gets hacked, your blog is GONE! …unless you back up. If your security is lacking in even one area, this can easily happen to you. It’s so much better to be safe than sorry! Do not make the mistake of not backing up and losing all your hard work!
And remember: there are two parts to backing up your blog. You have to do BOTH of them if you want your blog to be completely recoverable!
1) Back up your database. Your database is where all your posts, pages, users, and settings are stored. The big one here is POSTS. All of your posts are saved in the database!
2) Back up your files. Your files (what you see over FTP) are where your images, themes, and plugins are stored. The big one here is IMAGES, because themes and plugins can easily be installed again. But if you don’t want to lose all your images, you need to back up your WordPress files!
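Here is an added example, not from the original post, of a script that does both halves from the command line: it reads the DB_* settings out of wp-config.php, hands them to mysqldump for the database, and tars up wp-content (where uploads, themes and plugins live) for the files. It assumes a standard install layout with wp-config.php in the site root and mysqldump on the PATH; the output file names, the choice of wp-content as the directory to archive, and passing the password through the MYSQL_PWD environment variable are my choices, not the post's.

```python
"""Added example (not from the original post): back up both halves of a
WordPress site, the database and the files. Assumes a standard install
with wp-config.php in the site root and mysqldump on PATH."""
import os
import re
import subprocess
import tarfile
from datetime import datetime

# The define() keys in wp-config.php that mysqldump needs.
_DB_KEYS = ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST")


def parse_wp_config(text):
    """Extract the DB_* define() values from wp-config.php source text.

    Handles both quote styles seen in wp-config.php, e.g.
        define('DB_NAME', 'wp_blog');
        define( "DB_HOST", "localhost" );
    """
    config = {}
    pattern = re.compile(
        r"""define\(\s*['"](DB_\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")
    for key, value in pattern.findall(text):
        if key in _DB_KEYS:
            config[key] = value
    missing = [k for k in _DB_KEYS if k not in config]
    if missing:
        raise ValueError("wp-config.php is missing: " + ", ".join(missing))
    return config


def mysqldump_command(config, out_path):
    """Build the mysqldump argument list for the parsed config.

    The password is NOT placed on the command line (it would show up in
    `ps` output); dump_database passes it via the MYSQL_PWD environment
    variable instead. DB_HOST may carry a port, e.g. "localhost:3307".
    """
    host, _, port = config["DB_HOST"].partition(":")
    cmd = ["mysqldump", "--single-transaction", "--host", host or "localhost",
           "--user", config["DB_USER"], "--result-file", out_path]
    if port:
        cmd += ["--port", port]
    cmd.append(config["DB_NAME"])
    return cmd


def dump_database(config, out_path):
    """Part 1 of the backup: write the database to out_path with mysqldump."""
    env = dict(os.environ, MYSQL_PWD=config["DB_PASSWORD"])
    subprocess.run(mysqldump_command(config, out_path), env=env, check=True)


def archive_files(site_root, out_path, subdir="wp-content"):
    """Part 2 of the backup: tar+gzip the directory holding uploads, themes
    and plugins. Returns the member names written so the caller can verify
    the archive actually contains something."""
    src = os.path.join(site_root, subdir)
    with tarfile.open(out_path, "w:gz") as tar:
        tar.add(src, arcname=subdir)
    with tarfile.open(out_path, "r:gz") as tar:
        return sorted(tar.getnames())


def backup_site(site_root, backup_dir):
    """Run both halves; returns (sql_path, tar_path)."""
    os.makedirs(backup_dir, exist_ok=True)
    stamp = datetime.now().strftime("%Y%m%d-%H%M%S")
    with open(os.path.join(site_root, "wp-config.php"), encoding="utf-8") as fh:
        config = parse_wp_config(fh.read())
    sql_path = os.path.join(backup_dir, f"db-{stamp}.sql")
    tar_path = os.path.join(backup_dir, f"files-{stamp}.tar.gz")
    dump_database(config, sql_path)
    archive_files(site_root, tar_path)
    return sql_path, tar_path


if __name__ == "__main__":
    import sys
    # Usage: python wp_backup.py /path/to/site/root /path/to/backups
    sql_path, tar_path = backup_site(sys.argv[1], sys.argv[2])
    print("database ->", sql_path)
    print("files    ->", tar_path)
```

Copy the two output files somewhere other than the web server itself; a backup that lives next to the site disappears with it.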
Have a secure password & don’t have a username called “admin”
If you have an insecure password and/or you have an account with the username “admin”, the chances of you getting hacked are VERY high! The last two days I have woken up to this:
That means I went to bed with 0 login attempts and woke up 8 hours later with 1,700. TWO DAYS IN A ROW! That’s 3,400 failed login attempts in two days. This means someone has an automatic script up and running that tries thousands of password combinations on my blog… all by itself, over and over again.
Luckily for me, every single one of those attempts is for the username “admin”, which doesn’t exist on my blog. But that’s my point! All the ‘robots’ out there will try to brute force their way into your blog by trying to log in with the username “admin” and thousands of different possible passwords. If you have an account with the username “admin”, your chances of being hacked just went WAY up!
Delete/change the “admin” account name
If you just remove the account called “admin”, you’re already several steps ahead of the hackers and you have that much less of a chance of being hacked.
Have an incredibly strong password
These automatic scripts usually go through dictionaries trying all the dictionary words as passwords. So if your password is “dog”, the ‘robot’ is going to have a super easy time guessing that!
Your password is easy to guess if:
- It is a dictionary word.
- It is short.
- It is a name (like your name).
- It is your blog name.
- It is “password123”.
- It contains any kind of personal information about you (like your name, followed by your birthday).
Your password is HARD to guess if:
- It is a random string of numbers, letters, and symbols AND it is at least 10 characters long;
- OR it is a random sentence, such as: “The dog went to the party and loves cake.”
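As an added example (not from the original post), the checker below turns the two lists above into code so you can see exactly which rule a candidate password trips. The tiny dictionary and the personal details are constructed stand-ins for a real word list and a real profile, and the 10-character and six-word cut-offs are my reading of “at least 10 characters” and “a random sentence”.

```python
"""Added example (not from the original post): rate a candidate password
against the weak/strong rules listed above. DICTIONARY and PERSONAL are
constructed stand-ins; use a real word list and the account's real details."""
import re
import string

# Constructed stand-in for a dictionary file (real ones hold 100k+ words).
DICTIONARY = {"dog", "cat", "password", "welcome", "secret", "monkey", "letmein"}
# Constructed personal details an attacker could learn from the blog itself.
PERSONAL = {"name": "Ashley", "blog": "CoolBlog", "birthday": "1985"}

MIN_RANDOM_LEN = 10        # "at least 10 characters long"
MIN_PASSPHRASE_WORDS = 6   # assumption: a sentence, not a two-word phrase


def weaknesses(pw, personal=PERSONAL, dictionary=DICTIONARY):
    """Return the list of reasons the password is easy to guess (empty = none)."""
    low = pw.lower()
    # Strip a trailing digit run so "password123" is still caught as a word.
    core = re.sub(r"\d+$", "", low)
    problems = []
    if core in dictionary or low in dictionary:
        problems.append("dictionary word")
    if len(pw) < MIN_RANDOM_LEN:
        problems.append("too short")
    for label, value in personal.items():
        if value.lower() in low:
            problems.append(f"contains personal info ({label})")
    if low == "password123":
        problems.append('is "password123"')
    return problems


def is_random_string(pw):
    """Random-looking: 10+ chars mixing letters, digits and symbols."""
    classes = [any(c.isdigit() for c in pw),
               any(c.isalpha() for c in pw),
               any(c in string.punctuation for c in pw)]
    return len(pw) >= MIN_RANDOM_LEN and all(classes)


def is_passphrase(pw):
    """Sentence-style: several distinct words."""
    words = [w.lower() for w in re.findall(r"[a-zA-Z]+", pw)]
    return len(words) >= MIN_PASSPHRASE_WORDS and len(set(words)) >= MIN_PASSPHRASE_WORDS


def rate(pw, personal=PERSONAL):
    """Return ("strong", []) or ("weak", [reasons])."""
    problems = weaknesses(pw, personal)
    if is_passphrase(pw):
        # A sentence is allowed to contain dictionary words; it is still
        # weak if it embeds the owner's own details.
        problems = [p for p in problems if p.startswith("contains personal")]
    if not problems and (is_random_string(pw) or is_passphrase(pw)):
        return "strong", []
    if not problems:
        problems = ["not random enough: add digits and symbols, or use a sentence"]
    return "weak", problems


if __name__ == "__main__":
    for candidate in ["dog", "password123", "Ashley1985",
                      "The dog went to the party and loves cake.", "x7#Qp!2mZr"]:
        print(repr(candidate), "->", rate(candidate))
```

Note that the checker only catches the rules the post lists; a password that passes it is not automatically uncrackable, it just is not one of the first things a script will try.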
To help with all this: Better WP Security
I highly recommend a WordPress plugin called Better WP Security. You can use it to examine your security, track failed login attempts, lock people out after a certain number of failed attempts, etc.
The one thing you have to be careful of with this plugin is locking people out for too many 404s. If your blog has a lot of 404 errors, DO NOT enable this feature, because you might even lock yourself out! Or, if you use the Linky Followers widget, DO NOT enable this feature! Last time I checked, the Linky widget was HORRIBLY made and generated like 3 404 errors on every single page load. (You’ll see them if you open up the Console in Developer Tools.) I learned that the hard way when I still had the widget and locked myself out of my own blog for like an hour. The real message here is that Linky Followers sucks *cough*cough*, but if you use it then don’t enable the “404 Detection” feature.
But it’s a fantastic plugin and will help you be more aware of your WordPress security!
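To make the two situations in this post concrete (the overnight wave of login attempts, and a widget whose 404s can trip a lockout rule), here is an added example, not from the original post and not Better WP Security's code, that runs both checks over constructed web-server access-log lines. A login attempt appears in the access log as a POST to /wp-login.php, so the first check counts those per client IP inside a sliding time window; the second counts 404s the same way, and shows how a reader whose page views each produce three 404s crosses the threshold in a handful of visits. The thresholds, the window and the sample traffic are assumptions for illustration, not the plugin's actual settings.

```python
"""Added example, not from the original post or from Better WP Security:
two access-log checks over constructed sample lines. Thresholds and the
sample data are assumptions chosen to illustrate the post's two scenarios."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format: ip ident user [time] "req" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

BASE = datetime(2013, 4, 1, 3, 0, tzinfo=timezone.utc)  # constructed "overnight"


def _line(ip, second, method, path, status):
    """Build one constructed combined-format log line `second`s after BASE."""
    ts = (BASE + timedelta(seconds=second)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 1024 "-" "Mozilla/5.0"'


# Constructed sample traffic:
#  - 203.0.113.7 POSTs to wp-login.php every 2 seconds (a guessing script;
#    WordPress answers a failed login with 200 and a successful one with 302)
#  - 198.51.100.5 is a normal reader whose every page view also fetches three
#    missing widget assets, i.e. three 404s per page load
#  - 192.0.2.9 views a page and logs in once, successfully
SAMPLE_LOG = (
    [_line("203.0.113.7", i * 2, "POST", "/wp-login.php", 200) for i in range(30)]
    + [_line("198.51.100.5", i * 20 + j, "GET", path, status)
       for i in range(4)
       for j, (path, status) in enumerate([("/", 200), ("/linky/a.js", 404),
                                           ("/linky/b.css", 404), ("/linky/c.png", 404)])]
    + [_line("192.0.2.9", 5, "GET", "/", 200),
       _line("192.0.2.9", 40, "POST", "/wp-login.php", 302)]
)


def parse(lines):
    """Parse combined-format lines into dicts; lines in another format are skipped."""
    entries = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["status"] = int(e["status"])
        entries.append(e)
    return entries


def peak_rate(times, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def offenders(entries, match, window, threshold):
    """Map of client IP -> peak count, for IPs whose matching requests hit threshold."""
    by_ip = defaultdict(list)
    for e in entries:
        if match(e):
            by_ip[e["ip"]].append(e["ts"])
    result = {}
    for ip, ts in by_ip.items():
        n = peak_rate(ts, window)
        if n >= threshold:
            result[ip] = n
    return result


def login_bruteforce(entries, window=timedelta(minutes=5), threshold=20):
    """Clients hammering the login form (assumed thresholds)."""
    return offenders(entries, lambda e: e["method"] == "POST"
                     and e["path"].startswith("/wp-login.php"), window, threshold)


def lockout_404(entries, window=timedelta(minutes=5), threshold=10):
    """Clients a 404-based lockout rule would block (assumed thresholds)."""
    return offenders(entries, lambda e: e["status"] == 404, window, threshold)


if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print("login brute force:", login_bruteforce(entries))
    print("404 lockout hits: ", lockout_404(entries))
```

Point parse() at your real access log (one line per list element) to run the same two checks on live data; the 404 check is the one to look at before switching on a 404-detection rule, since whatever it flags is who the rule would lock out, your own browser included.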