Website Security

Wordpress safety

This post will focus on WordPress. Another time I’ll write about WooCommerce, Magento and Joomla. I just wanted to quickly give some tips on how to do some basic security house keeping.

I remember sitting in the lecture for computer security at the University of Tasmania, the lecturer often told stories of hacked websites, databases and one particular story named ‘The Cuckoo’s Egg’. This books is fabulous. I read it in a night, I couldn’t put it down. Our lecturer was discussing the story and mentioned one of the most basic website security concepts of all. I’m going to share it with you now too. Get ready, it’s ground breaking. haha.

Never keep the user name as ‘Admin’, or ‘Administrator’ or ‘User’. What ever username your device comes with by default, change it.

And, change the password.

Hackers love it when you leave the user name as ‘admin’ and password as ‘password’! Don’t do it!

Another tool Webtiger will ensure is switched on, comes with WordPress by default, this is ‘Limit Logins’. There are a few other third party plugins you can install for free and buy.

One of the best ways to see if a plugin is any good is to look at how many downloads/uses it has. Wordfence has over a million installations. iThemes is also highly rated.

Backup

Make sure your website is backed up frequently. If you do get hacked, we can roll back to a version without the hack and implement security measures to avoid it happening again.