Let me start by telling you that I am NOT a security guru. The fixes that I am going to tell you about will significantly reduce the odds of a hacker busting into your WordPress site. So, I really recommend you start with the simple things that you can do, and build a wall around your site.
My history with WordPress Hackers goes back a couple of years. I had been hacked numerous times. Most of the attackers were from the middle east and from old Soviet block countries. They were not getting anything of value from me. Just waisting hours of my time as I would have to hunt down the damage and recover my wordpress sites from backups.
The frustration that I went through had me ready to give up and go back to the stone ages. But, I kept trying to fortify my defences against attack. I finally found a handful of things that made my sites secure (I have around 30 of them).
Let’s start with a really simple one:
Hide your WordPress login page.
The logic is simple. It’s harder for someone to break into your house through the backdoor – if it’s not in the back of the house! 99.99% of wordpress login pages can be found at www.myblogname.com/wp-admin . So, you move it! How about your login page is at www.myblogname.com/otispdriftwood ? Now, when that little bastard hacker tries to launch a password attack against ‘wp-admin’ – it’s just not there! The backdoor is not at the back of the house, where the hacker is expecting to find it!
How to move your WordPress login page to slow down hackers.
This is very cool.
Simply go to your WordPress plugins page (from your wp control panel)
Click on ‘Add New’
In the Search Plugins box (upper right) type ‘WPS Hide Login’ and hit ENTER
Now click on it and install it.
Now, activate it.
Once it’s activated, go to your SETTINGS-> General
Scroll to the bottom of the page to find the WPS Hide Login dialog box. Change your login and save settings!
Pick something unique. And don’t forget what you picked!
Now you’re no longer an easy target!. Not to say that some smart little hacker a$$hole is not going to figure it out – but you are going to be tucked away from most!
Next, I am going to tell you about a couple more security fixes, including tools to limit and block login attempts.