Despite rumors proclaiming the contrary, WordPress is actually a very secure CMS platform utilized by millions of users around the world.
While there are more advanced measures that users should take when securing their WordPress site, here are the 3 most common habits I see practiced by some WordPress users that may set one’s blog up to be hacked.
WordPress Updates Are For Losers
Most of the excuses I hear for not updating revolve around concerns that it will break one’s theme, various plugins, or (the worst scenario) they don’t see the value in a 3.0.x update (despite the fact that some of them are critical).
Truth be told, the vast majority of WordPress sites that I have seen hacked were hacked because the owner declined to keep their blog updated to the latest version.
If clicking the “easy update” button is too difficult, then users should consider asking their host to ensure that their blog is always updated to the latest version.
Note: If you are paranoid about a WP update breaking your blog’s theme or a specific plugin, you should consider creating a test site in order to resolve any issues before an update goes live.
Keep Passwords Simple
WordPress users should always use complex passwords for their account, combining numbers, letters and symbols in order to make guessing the correct password nearly impossible for a hacker.
As an extra precaution, WordPress lovers should also consider installing a plugin called Login Lockdown, which will block the IP of anyone trying to access your site after numerous failed attempts.
Note: There is also another plugin called Better WP Security that is similar to Login Lockdown and looks promising, although it’s currently in beta testing.
It Doesn’t Matter Who You Host With
When it comes to hosting one’s blog, many WordPress users choose the cheapest host around without taking a hard look at the company’s security record.
Unfortunately, keeping your blog updated and creating complex passwords are not enough nowadays, as hackers may still be able to access your blog due to your neighbor not remaining vigilant (i.e. not keeping their site secure).
WordPress bloggers should only host with companies that take the security of their server as well as your site seriously (the latter of which is sadly neglected by many general hosts).
Users seeking more secure options should also check out WordPress specialized hosts, who from past experience are usually more vigilant when it comes to ensuring that your site avoids being hacked.
Any Other Tips?
If someone new to WordPress came up to you asking how they could secure their site, what tips would you recommend?
Feel free to share your wisdom in the comment section below!
Author: Darnell Clayton
Darnell Clayton is a geek who discovered blogging long before he heard of the word “blog” (he called them “web journals” then). When he is not tweeting, Facebooking, or blogging about space and his beloved iPhone, he enjoys running, reading and describing himself in third person.