Blog Security In 2018

Running a website in 2018 means being aware and abreast of the current security scene.  If you don’t want your site to get hacked you have to be aware of a few basic security measures.  This can actually be very simple if you take around an hour to educate yourself and implement some security practices.

Most blogs and websites these days are run by WordPress.  Learning how to start a blog has become easier and easier thanks to the advent of better education as well as having the process become easier thanks to WordPress specific hosts such as Bluehost.  However, out of the box WordPress can be a bit shaky when it comes to security.

As someone who has had their sites hacked multiple times, it’s better to take an hour now than to lose time and money later on.

Do Not Use “Admin” as your username

When you start your WordPress blog you will be given a username.  By default it’s set to “admin” but this gives hackers an easy starting point to hack your blog based on one piece of the login.

You can easily change your administrator name.  You might have to create a new login with admin rights first, and then delete the old one.   Just go to “users” on the left hand menu and create a new one with Admin rights.  Name it something unique, and add numbers while you’re at it to make it harder to guess for a wayward hacker.

Change Your Login URL

Using “Wp-admin” as the login url also makes it much easier for hackers to breach your website.  By changing the login url you add an extra layer of security so that your site login can’t be found easily, meaning it’s less likely that you’ll be hit by a brute-force login hack.

Following this guide you can easily change the URL.  However, we urge you to make a backup of your site first before making any major changes.

Elegant Themes also has a great guide on changing the URL.

We have used WPS Hide Login to hide our login pages on all of our sites.  This is a very easy and important step in terms of ensuring your site’s security.

Install A Security Plugin

Another very easy step to take is to install one of the very good WordPress security plugins that are available out there.  Many of these have a free version that will give you basic protection.  If you don’t do this then you’re just asking for it in my opinion!

Better WP Security is a great one, as is iThemes security.  Simply go to Plugins –> Add New Plugin to search the WordPress database for these plugins so you can be sure you’re getting them from the most reputable source.

The basic and free security settings from these plugins will be enough for you to easily ensure that your blog is protected from 90% of attacks that are floating around out there.

Remember: it’s easier to take about an hour now to ensure your site is protected than to have to deal with a hacked site.