Important information for your WordPress website security

Published: 1st May 2015 in News

WordPress is one of the most popular content management systems today and it has some great benefits. It is one of the CMSs we use for our web design clients and we know that a good number of our Green Hosting clients use it too. However, because it is so popular it tends to attract the unwanted attention of potential attackers, who look for out-of-date installations and vulnerabilities to gain access to your website's admin area.

This can cause serious problems, including:

- Attackers gaining access to your website, posting their own content or defacing your content.

- Heavy load on the website server as thousands of attempts to log in to your website are made, resulting in your website being taken offline.

Five steps to protect your WordPress website

1. Update your WordPress installation and plugins.

This needs to be done first and foremost, before any of the items below. Always make sure you back up your website before starting the updates. Keep an eye out for new software releases and update your WordPress website each time.

2. Change the 'admin' username

WordPress' default Administrator username on initial installation is 'admin'. If you haven't changed this it gives attackers a better chance of guessing your log-in details straight away. Make sure none of your user profiles have the username 'admin'.

3. Limit login attempts

There is a very useful plugin that allows you to set a number of failed log-in attempts before a user is blocked. If an attacker is trying to guess your username and password, their IP will be blocked until your stipulated timeframe has passed. The 'Limit Login Attempts' plugin can be installed and configured easily and was still working on WordPress 4.1.1 at the time of writing this article.

4. Rename the wp-login URL

A potential attacker would usually try to find your log-in page at the default WordPress URL, so renaming it makes their job much harder.
The 'Rename wp-login.php' plugin allows you to change the standard log-in URL from
www.yourwordpresswebsite/wp-login.php
to
www.yourwordpresswebsite/login-of-your-choice/
Again, this is easy to install and set up. Although the plugin is no longer maintained, it was still working on WordPress 4.1.1 at the time of writing this article.

5. Add a '403 Forbidden' to your .htaccess file

As additional security to the above WP login rename you can add a small amount of code to your website's .htaccess file. If a hacker attempts to find your standard wp-login.php page they will run into a '403 Forbidden' rather than the '404 Page not found' on your website. Here's the code:

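# Refuse direct requests for the default login script.
<FilesMatch "^wp-login\.php$">
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied".
Deny from All
ErrorDocument 403 "Forbidden"
</FilesMatch>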
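
To check from the server side that steps 3 and 5 are doing their job, the following added example (not part of the original article or of any plugin) reads Apache access log lines, lists IPs that sent repeated log-in POSTs to wp-login.php in a short window, and counts wp-login.php requests that were not answered with 403. It assumes the Apache common/combined log format; the function name, threshold, window and sample lines are illustrative and constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log format: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def audit_login_requests(lines, max_attempts=4, window=timedelta(minutes=5)):
    """Return (noisy_ips, unblocked_hits) for requests to wp-login.php.

    noisy_ips: IPs with more than max_attempts POSTs inside the window.
    unblocked_hits: requests not answered with 403 (the step 5 rule did not apply).
    """
    recent = defaultdict(deque)   # per-IP timestamps of recent log-in POSTs
    noisy, unblocked = set(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if not path.endswith("/wp-login.php"):
            continue
        if m["status"] != "403":
            unblocked += 1
        if m["method"] != "POST":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_attempts:
            noisy.add(m["ip"])
    return sorted(noisy), unblocked

# Constructed sample lines using documentation-only IP addresses.
SAMPLE = [
    f'203.0.113.7 - - [01/May/2015:10:00:{s:02d} +0100] '
    '"POST /wp-login.php HTTP/1.1" 200 3120' for s in range(0, 60, 10)
] + [
    '198.51.100.4 - - [01/May/2015:10:02:00 +0100] "GET /wp-login.php HTTP/1.1" 200 2900',
    '198.51.100.4 - - [01/May/2015:10:02:09 +0100] "POST /wp-login.php HTTP/1.1" 302 0',
    '192.0.2.9 - - [01/May/2015:10:05:00 +0100] "GET /wp-login.php HTTP/1.1" 403 9',
]

if __name__ == "__main__":
    print(audit_login_requests(SAMPLE))
```

Once the rename and the .htaccess rule are both in place, the second value should stay at zero for fresh log entries.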

Please note: You should always back up your website before making changes such as those described above. These changes are suggestions only and we cannot be responsible for any problems with third-party WordPress software, plugins or themes now or in the future. These changes shouldn't be attempted unless you understand their implications and have a good knowledge of WordPress.
