Hackers love WordPress. It’s a little spoken fact that the millions of business owners around the world that use WordPress don’t really talk about. I wondered if it’s just because they don’t know too much about it, or just haven’t thought too much about it.
Update, update, update
So, before I scare you all off to another platform, let me reassure you that WordPress is a pretty good, secure system… with a caveat. You have to keep the site, your theme, and your plug-ins up to date, or all bets are off. Wait, what? It’s serious stuff. Clicking the update button takes less than a second, (or less than a minute if you need to locate it on your screen), but many business owners running wordpress ignore those update warnings. Latest data says that 51% of site breaches are due to out of date software of some kind, so get updating, or if you have a web master, make sure they are on it.
Delete the admin user
Keeping the software up to date is easy peasy, but it’s not that much harder to take the next steps towards a better protected site. The first thing to do is to replace the defaul t admin user. To do that, you login as the admin with the initial password you set up (or provided to you). Scroll down the left hand column of wordpress tools and find “Users”. Add a new user, with your name, or some other identification you would like, and set it up as a administrative user. Log out and back in again with the NEW user name. Delete the admin.
Add some tools
Last but not least find some Security and Back up plug ins and install. There are some really decent FREE tools, so why not. We like Wordfence for WordPress Security, and Updraft Plus for Back up… but if these don’t meet your needs, scroll through plug ins which are updated often and have good reviews. Chances are, it will be a good experience.