Yeah, so did I.
And then I lost it.
So here’s what I learned and how you can easily protect your self-hosted WordPress.
1.) Know your hosting provider. It’s simple, but makes a world of difference. WordPress.org recommends Bluehost, Dreamhost, and Laughing Squid. For my clients, I choose Web Hosting Hub. You know that one hosting company that everybody knows and you can sometimes get a year free through blogging eCourses? RUN. Ask me how I know. Here are a few key things to look for when selecting your hosting provider:
- Server Reliability,
- 24/7 Support,
- Money-Back Guarantee,
- cPanel Hosting,
- Great Reviews & Recommendations.
(And if you’re buying from a reseller, check their policy on over-selling their server. Again, learn from my mistake! There is nothing worse than finding out that you are on an overwhelmed server and there is nothing you can do about your site going down because of another site’s traffic!)
2.) Create a new Admin User Account. This only takes a few minutes and will go a long way toward protecting you from hackers. Simply go into the Users area on your Dashboard and create a new User with Admin privileges.
- Do NOT make the username “Admin.”
- Create a strong password.
- Mix uppercase, lowercase, numerals and symbols.
- Don’t use the same password on multiple sites.
- Once you are positive your new Admin account is working (try it a few times), DELETE the original one.
3.) Limit Login Attempts. The plugin by this name will override WordPress.org’s default of unlimited login tries. You can control how many attempts are allowed and set it to email you when someone has been locked out due to too many attempts.
4.) Only download reliable themes! If you need help finding a theme, contact me! Also, be sure that you aren’t storing unused themes on your dashboard. Back up any themes you have purchased but aren’t using and remove them all from your WordPress. You can always find the free ones again!
5.) Update your themes and plugins. Even if they aren’t currently activated, keep them updated! Also, always make sure you are running the latest version of WordPress.
6.) Back up your blog! And double check that it is backed up properly. This was my downfall the last time around. I thought I had a backup waiting for me, but it never completed. Lesson learned. Now I recommend Blog Vault.
7.) Harden your WP Security. Use a plugin like BetterWPSecurity to enhance your all-around security. (Make sure you back up properly before installing as this plugin makes some really big changes to your database and files!)
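To go with step 6, here is one way to double check that a backup actually completed. This is an added example, not code from any backup plugin or service named in this post. It assumes your backup is a single zip file with the WordPress files at the top level and a `.sql` database dump inside; the function names are made up for this illustration.

```python
import io
import zipfile
import zlib


def verify_backup(archive):
    """Return a list of problems in a backup zip (path or file object).

    An empty list means the archive opened, every file passed its
    checksum, and the expected WordPress pieces are present.
    """
    try:
        zf = zipfile.ZipFile(archive)
    except (zipfile.BadZipFile, OSError) as exc:
        # A backup that stopped partway has no index at the end of the file.
        return [f"archive unreadable, backup probably incomplete: {exc}"]

    problems = []
    with zf:
        try:
            bad = zf.testzip()  # re-reads every member and checks its CRC
        except (zipfile.BadZipFile, zlib.error, EOFError) as exc:
            bad = f"unknown member ({exc})"
        if bad:
            problems.append(f"corrupt data in {bad}")

        sizes = {info.filename: info.file_size for info in zf.infolist()}
        if "wp-config.php" not in sizes:
            problems.append("wp-config.php missing")
        if not any(name.startswith("wp-content/") for name in sizes):
            problems.append("wp-content/ missing")
        dumps = [name for name in sizes if name.endswith(".sql")]
        if not dumps:
            problems.append("no database dump (*.sql)")
        problems += [f"{name} is empty" for name in dumps if sizes[name] == 0]
    return problems


def sample_backup(with_db=True):
    """Constructed sample archive, built in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wp-config.php", "<?php // constructed sample\n")
        zf.writestr("wp-content/themes/mytheme/style.css", "/* sample */\n")
        if with_db:
            zf.writestr("database.sql", "-- constructed sample dump\n")
    return buf.getvalue()
```

Run `verify_backup("path/to/backup.zip")` after each backup finishes and treat any non-empty result as a failed backup.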
*Disclaimer: many of the links in this post are affiliate links. While I do get paid for purchases made through them, I do not promote any products I do not believe in wholeheartedly.