How to keep your WordPress website safe

Last week one of my websites was under a brute force attack. WordPress has an enormous amount of momentum, and has become very popular (64 million installations, and counting). The truth is that WordPress sites are as safe as any technology, provided a few precautions are taken. Here are a few things we recommend, using the concept of security through obscurity.

  1. Set your user name(s) to anything except “admin”. If your login is “admin”, create a new user, assign it admin privileges, and then remove the account with “admin” as the user name. It’s so much harder for a hacker to access your site if they have to figure out the password AND the user name. Your user name can be as simple as your full name, such as Heather Cox (spaces are OK).
  2. Create a strong password. You know, all the usual recommendations. Combine a capital letter, a number and a special character with your word. Phrases work well and can be easier to remember. For instance: “BeSure2staysafe!” This password is sixteen characters long and includes a capital letter, a numeral and a symbol.
  3. Update your software! This is easy and any site owner can push “update” for plugins and software. Do this regularly and you will close any security holes on your website.
  4. Keep a backup. There are a few great WordPress plugins, like Updraft, that you can install and configure to save backups. One client came to me who had been hacked, and sadly there was nothing we could restore. She never made a backup. Don’t let this happen to you!

With these four simple steps, WordPress is a safe platform. Hacks can still happen, but they are much less likely if you take these steps.
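Step 1 can be checked from the command line. The following is an added example, not part of the original post: it reads the JSON that WP-CLI's `wp user list` prints, flags administrator accounts with a guessable login, and suggests the removal command only when a replacement administrator already exists. The list of guessable names beyond "admin", the function name and the sample data are assumptions made for this example.

```python
import json

# Login names attackers try first. The post names only "admin";
# the others are an assumption added for this example.
GUESSABLE = {"admin", "administrator", "root", "test"}

# Constructed sample of:
#   wp user list --fields=ID,user_login,roles --format=json
SAMPLE = """[
  {"ID": 1, "user_login": "admin", "roles": "administrator"},
  {"ID": 2, "user_login": "Heather Cox", "roles": "administrator"},
  {"ID": 3, "user_login": "test", "roles": "subscriber"}
]"""


def audit_admin_logins(users_json):
    """Return (findings, commands) for administrators with guessable logins."""
    users = json.loads(users_json)
    # WP-CLI prints roles as a comma-separated string.
    admins = [u for u in users if "administrator" in u["roles"].split(",")]
    risky = [u for u in admins if u["user_login"].strip().lower() in GUESSABLE]
    safe = [u for u in admins if u not in risky]
    findings, commands = [], []
    for u in risky:
        findings.append(f"administrator login '{u['user_login']}' is guessable")
        if safe:
            # --reassign keeps the removed account's posts and pages by
            # handing them to the replacement administrator.
            commands.append(f"wp user delete {u['ID']} --reassign={safe[0]['ID']}")
        else:
            # Removing the only administrator would lock the owner out.
            findings.append("no replacement administrator yet: create one first")
    return findings, commands


if __name__ == "__main__":
    found, cmds = audit_admin_logins(SAMPLE)
    for line in found + cmds:
        print(line)
```

The subscriber named "test" is not reported because only administrator accounts are audited here.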