Using a Password Service to Protect Your WordPress Site

It seems all we talk about is creating strong passwords and if you are like most people, you create a password that you thought was solid only to find out it is not. What’s the solution? Using a password service is a great way to create a strong password and protect your WordPress and other sites.

There are a number of these services – A few that come to mind are LastPass, Keeper and Dashlane’s password manager; in fact David Pogue of the NYT calls Dashlane’s password manager “life-changingly great”. You install the software on your computer and it will create these wild passwords that are up to 50 characters and really just look like gibberish. What’s even better is that it memorizes them for you, because there is no way you could remember these passwords. Then to keep all those passwords secure you use a master password. That way even if your passwords are stolen the hackers are going to need the master password.

A good master password needs to be strong – in fact it’s critical because all your other passwords lay in the balance of this. Follow as many password rules as you can and this one you need to memorize along with any passwords needed to access your computer.

You will need to be patient as it takes time to transition your entire life online to a password service. You’ll be surprised at just how often you use passwords. Think about it – every time you login somewhere you use a user ID and a password. Getting the system up and functioning completely can be a real challenge, but stick with it, because eventually you will be far more secure and have way less passwords to remember.

You should actually have a password service for your mobile devices and your desktop devices. These are different and will require two different downloads and if it’s a paid service two different purchases.

If you really want to boost your password security on WordPress use more than one password. Have a two factor authorization. This means that your login will require two parts of information. For example, your password and something you know. It provides an extra layer of protection in a number of applications including Twitter, Apple, Dropbox and Google.

Today is a good day to get started with your password service!

Making Sure Your WordPress is Securely Installed

Often the One-Click installs offered by many web hosts don’t install the latest version of WordPress, so after installing it, check to see if it’s the latest version and then do an update if needed. Also check the default themes and plugins and update them if necessary.

The next thing you need to do is take care of security issues on your site. WordPress has a plugin called iThemes Security Pro (formerly Better WP Security), that lets you change certain WordPress features to make it more difficult for the hackers to gain access. Be sure to take advantage of this tool to give you the best chance at a secure WordPress site.

iThemes Security Pro will let you:

* Change the default ‘Admin’ username to something different
* Lock entrance to the admin at specific time periods
* Change your admin user ID from 1 to something different
* Ban users based on the IP addresses
* Automatically email your database backups to yourself
* Change the URL you use to login from wp-login to something different
* Change your WordPress directory files from wp-content to something different
* Change your database prefix from wp_ to something different
* Check the number of hits on 404 pages and lock the user out if they are excessive
* Track any file changes
* Limit the number of times you can login attempts with the wrong password

And there’s more.

One of the easiest ways to get through a site’s security is with their password. Many don’t take the time to create solid passwords because they claim they take too much time, but compared to the time it will take you to attempt to rebuild your site, it seems like such a small price.

When you are creating a password:

Every password should be at least 15 characters
Every site should be different
Is strongest if it is not an actual word
Is strongest if it is a mix of special characters, lowercase letters, capital letters and numbers.

Regular Backups

The last thing you need to do is make sure you are taking regular backups of your site files and database(s). That way should the unthinkable happen, you will at least have a backup safely stored away, which will certainly reduce your stress.

One of the most popular plugins for doing this is called UpdraftPlus. This will create a backup and then upload that backup to Dropbox for safe keeping. You can also email that backup to yourself. That’s because the Dropbox plugin keeps only one backup, so sending to yourself allows you to keep many versions.

Get busy, add your plugin(s), change your passwords, make your backups and make your site as secure as possible.

How You Can Protect Your WordPress Site from Hackers

These days your WordPress website security is no laughing matter – in fact, you could say it has become downright treacherous as more and more people come to find themselves left with the devastation of a hacker. Rather than being a statistic, now is a good time to take action and do what you can to protect your WordPress site from hackers. Let’s have a look at a few things you can do.

#1 Protect Your wp-config.php
This is an important WordPress file and so you will want to make sure it is protected. You can hide it so it is not available for public view just by putting a few lines of code into your htaccess file.

<Files wp-config.php>
order allow, deny
deny from all
</Files>

Add this code and it will stop the wp-config.php file from being visible to public users and makes it harder for hackers and robots to spot.

#2 Never use “admin” to Login
One of the most common mistakes is to leave the default ‘admin’ as your login to your WordPress sight. This needs to be changed right away as this is dangerous and allows hackers an advantage. It’s very dangerous leaving ‘admin’ as your login.

#3 Use SFTP
Most people use FTP to upload their files, but you really should use a Secure FTP connection – SFTP. That way when you send your files they will be encrypted.

#4 Using the Login Lockdown Plugin
Login Lockdown plugin will make sure that you remember your password. Every failed attempt at logging in is registered along with the person’s IP address and it will block the ability to login from different IPs if the login has failed after the set number of attempts, which you control. The default setting is 3 failed logins within 5 minutes per hour. You have the control to remove the blocked IP address from the plugin panel in your WordPress dashboard.

#5 WP-DB Backup
You need to have backups regularly not just now and then when you think about it. UpdraftPlus is a plugin that will do this for you and then it will send your backup to your email address and/or store it on the server. An offsite backup is wise because should your site be hacked it gives you the best chance of getting things up and run quickly.

There are plenty of things you can do to make your WordPress site more secure – these are certainly a good start!