When they aren’t busy pranking radio station contests at Taylor Swift’s expense and terrorizing teens on Tumblr, hackers are finding ways into your personal information through WordPress. Only a few months ago, 90,000 WordPress accounts were infiltrated in a massive botnet offensive that relied on Brute Force Attacks. These attacks are exactly what they sound like all brawn, no brains which means all it would have taken to avoid them was a little smarts on the users behalf. Read on to find out how you can avoid becoming a victim by using the simple methods most hackers are betting you don’t know about.
1. Get all 007 with your password
Probably sounds obvious, but you really need to go the extra mile when a single string of characters is all that stands between a hungry pack of hackers and your personal information. There are lots of good things to keep in mind (use numbers, caps and lower case characters), but if you’re looking for a list of things not to do, check the one that contains all the passwords they figured out. If you’re going to use your dog’s name, spell it backwards. And type it in Cyrillic.
WordPress protip: Use the password strength barometers! Even if you donât trust them explicitly, use them as a guide.
2. Default usernames are the worst
First of all why wouldn’t you want your username to be a unique reflection of your awesome prose/poetry/journalism? When you leave the default admin as your username, you’re sending out a beacon of vulnerability to every hacker who’s even halfway trying because they’re already halfway closer to your full login information.
If you currently use admin as your username:
- Create a unique account name with administrator privileges.
- Log out and log in with your new original account name.
- Delete the admin account.
WordPress protip: Save yourself the headache by doing this when you’re setting up your account for the first time actually, that goes for every account you have everywhere.
3. Keep updated
Your smartphone may come equipped with the luxury of automatic updates, but WordPress does not. Set up automatic updates in your browser, or check in at least every month for the latest version of the software. With the increase of new attack methods comes the increase in WordPress’s ability to thwart them.
WordPress protip: Update everything. You don’t want to fall victim to something that was solved in last month’s bug fix.
4. Hack the hackers
Well ok, not really. But here’s a tip from one semi-informed computer whisperer to another:
The wp-config.php is a file stored by default on the WordPress server, and contains sensitive information like your username and password. Keep this file out of anyone else’s hands by moving it from the online (public) directory and into a local one.
This is how we do it:
If your file is located here:
Then you need to move it here:
This moves it one directory above the WordPress root directory, making it almost impossible for anyone to access this very sensitive file.
5. Nothing is free
The first step to avoiding software that could harm your computer is by following a pretty valuable life rule: Free is rarely free especially when it comes from a search result for anything with the word free in it. Sites that come up on your hunt for cool themes that don’t charge you the hard cash they’re normally worth are often vehicles for destruction that is, they’re probably embedded with some nasty code.
WordPress protip: Use the TAC plug from WordPress (Theme Authenticity Checker) to weed out any questionable themes.
Do you know some other ways to protect WordPress accounts from being hacked? Share your advice in the comments and help us all stay armed in the age of internet infiltration.
Subscribe to our mailing list and get interesting stuff and updates to your email inbox.