Site security is important
It’s never been so important to upgrade the site security on your website. For one in Europe by not having a safe & secure website you are potentially breaching GDPR regulation. The other reason if you lose your website, all hard work you’ve done on your website could be lost. Here’s some basic security tips you should be implementing on your website.
This comes up time and time again and not just for your websites. Having poor passwords is the number 1 reason why anything gets hacked into. An example of a weak password is the name of your dog, your birthday or simply a sequence of numbers such as ‘12345678’. You are simply giving the keys away to your hacker. Passwords need to have a mix of numbers, letters, special characters and capital letters to be considered strong.
Remove 'Admin' username
Most websites in 2019 are run on the WordPress platform and the default username on all installations is the username ‘Admin’. This makes it easier for the hacker to just guess the password. In other words they’ve won half the battle already. Currently, you can’t change the admin natively on WordPress, however there are great plugins out there which will solve this problem. If there’s any security advice you should follow and it’s to change the username.
Two Factor Authentication
Two factor Authentication is a very powerful way of preventing unauthorised access to your Admin dashboard on WordPress. It gives a second defence to your admin dashboard. The first defence is logging in via username and password. If you’ve done that right, the system will send a code to your email address which you must type into the field the website provides before you’re given access. Again there are great plugins which do a good job.
The login URL for WordPress is yourdomain.co.uk/wp-admin This is the default URL for every new WordPress installation, hackers know this as well so they’ll type this in before anything else to try and login. If you’ve changed this to something else, you’ve already put a great defence into the website.
Restrict the amount of times someone can log in
On most default WordPress website installations a user can simply guess as many times as they like to try and access your website. You will want to limit this and lock out users who go past this limit. There’s also great software out there which will restrict users based on IP address. Once the user has been locked out they won’t be able to login for x amount of minutes. If it’s repeat offenders they will banned permanently.
Bonus Tip: BACKUP your website on a regular basis
The best defence you have to any intrusion is to make a backup of your website. This gives you the peace of mind should anything happen to your website, you will have a backup of it. Further to this should you need to recover your website, we can help restore your website to it’s last original state using our hacked recovery service.