Sadly, it seems that whatever you do on the internet, there are any number of people who, for whatever reason, will want to play havoc with what you have done. This irrational and meaningless behavior is a pain in the life of most people who have anything to do with websites.
- Password Security
This is your number one vulnerability. Do not have generic passwords for your admin users; each person must have their own password. Each password must be of sufficient length and complexity to make it difficult to crack. That means at least 12 characters long, with capital letters, lower-case letters, numbers, and special symbols (!@#$%^&*_). Generally it will be better if this is something that you can recall, but not something too obvious.
- Avoid Certain User Names
Do not under any circumstances have a user called ‘admin’. A lot of WordPress installers will create an admin user. If this is the case, create another user with administrative rights and then delete the user called admin. Also, do not have a user whose name is the same as the site name, as hackers will inevitably try to use this to hack into the site.
- Security Plugins
There are a number of good security plugins. One I use on a number of sites is Wordfence, which has an install base in excess of 2 million sites, so clearly I am not on my own in thinking it does a good job.
It seems forums and other applications that allow frontend user input to the database invite no end of attempts to break in. Of late I have been using another security module on these sites, which includes the ability to block IP addresses from the site for a period of time after a number of failed attempts, and even ultimately to blacklist them.
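A minimal model of the lockout behaviour described above (a temporary block after repeated failed logins, then a blacklist), as an added example that is not part of the original post and not the code of any plugin. The thresholds, the `LoginGuard` class, and the function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the post); tune them for your own site.
MAX_FAILURES = 5    # failed logins allowed inside WINDOW before a temporary block
WINDOW = 300        # seconds over which failures are counted
LOCKOUT = 900       # seconds a temporary block lasts
MAX_LOCKOUTS = 3    # temporary blocks before the IP is blacklisted for good

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time the temporary block ends
        self.lockouts = defaultdict(int)    # ip -> temporary blocks so far
        self.blacklist = set()

    def status(self, ip, now):
        if ip in self.blacklist:
            return "blacklisted"
        if self.locked_until.get(ip, 0) > now:
            return "locked"
        return "allowed"

    def record_failure(self, ip, now):
        """Count one failed login and return the IP's status afterwards."""
        if self.status(ip, now) != "allowed":
            return self.status(ip, now)     # blocked requests are not re-counted
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - WINDOW:    # drop failures older than the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            recent.clear()
            self.lockouts[ip] += 1
            if self.lockouts[ip] >= MAX_LOCKOUTS:
                self.blacklist.add(ip)
            else:
                self.locked_until[ip] = now + LOCKOUT
        return self.status(ip, now)

def replay(events):
    """Run (timestamp, ip) failed-login events through a fresh guard."""
    guard = LoginGuard()
    for now, ip in sorted(events):
        guard.record_failure(ip, now)
    return guard

# Constructed sample: three bursts from one address, two typos from another.
SAMPLE = [(t, "203.0.113.7") for s in (0, 1000, 2000) for t in range(s, s + 5)]
SAMPLE += [(30, "198.51.100.23"), (95, "198.51.100.23")]
```

Replaying `SAMPLE` leaves the address with three bursts blacklisted, while the address with two mistyped passwords stays allowed.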
- Stay Up to Date
On most sites I manage from dashboard Utility, we will be ensuring that WordPress, together with themes and plugins, is up to date, which often includes locking down newly found security weaknesses. If, on logging in to your site, you are advised about updates, then in normal circumstances you should run the updates. It is also important to keep the PHP running in the background up to date.
- Server Weaknesses
Most modern hosting companies will also be managing the security of their servers. This is their responsibility, and part of what we pay them money for. If you run into problems here, it may well be time to ask them to fix it, or find a new web host.
If you have any security concerns about your site, you should feel free to discuss the matter with me.