Hacking of WordPress sites has become an unfortunate epidemic, but there are several things you can do to make sure that your site does not fall victim.
- Make sure your User Name is something other than “admin.” Hackers always begin with “admin” as a user name and cycle through passwords, attempting to log into WordPress sites.
- Choose a password that is not a dictionary word and that is complicated, meaning that it has some capital letters, lowercase letters, numerals, and a special character or two.
- Ask your webmaster to delete, via FTP, any unused themes from the “themes” directory on the server. This will eliminate attempts to hack in through the standard themes that accompany a typical WordPress installation.
- Back up your website. The backup should include the WordPress database as well as copies of the template files and uploads folder. Backup Buddy is a premium (costs money) plugin, but is well worth the minimal cost in case something does happen to compromise your website. Snapshot Backup is an older plugin but does work well. Hosting companies do back up their servers as well, but I feel it is wise not to rely solely on that.
- Install a security plugin such as iThemes Security. One click secures your site from most attacks, but there are dozens of tweaks that can be made to make your website even more secure.
- Never e-mail your user name and password together in the body of an e-mail. If credit card numbers and social security numbers can be harvested in the transmission of e-mail, so can user names and passwords.
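
For the backup item in the list above, here is an added example (not from the original article or from any plugin it names) that checks whether a backup archive really contains the three pieces listed there: the database, the template files, and the uploads folder. It assumes the backup is a tar archive, the database was exported as a `.sql` file, and the site uses the standard `wp-content` layout; the function names and sample files are made up for illustration.

```python
import io
import tarfile

# What the backup must contain, per the list above. Matching on ".sql" and on
# the standard wp-content paths is an assumption about how the backup was made.
REQUIRED = {
    "database dump": lambda name: name.endswith(".sql"),
    "theme files": lambda name: "wp-content/themes/" in name,
    "uploads folder": lambda name: "wp-content/uploads/" in name,
}


def missing_components(archive):
    """Return the required components that have no non-empty file in the archive."""
    with tarfile.open(fileobj=archive, mode="r:*") as tar:
        # Zero-byte files are ignored: an empty .sql dump is a failed export.
        files = [m.name for m in tar.getmembers() if m.isfile() and m.size > 0]
    return sorted(
        label for label, matches in REQUIRED.items()
        if not any(matches(name) for name in files)
    )


def build_sample(contents):
    """Build a constructed sample backup in memory from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in contents.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed sample: themes are present, the dump is empty, uploads are absent.
    sample = build_sample({
        "site/db.sql": b"",
        "site/wp-content/themes/mytheme/style.css": b"/* theme */",
    })
    for item in missing_components(sample):
        print("backup is missing:", item)
```

To check a real backup, open the file in binary mode and pass it in, for example `missing_components(open("backup.tar.gz", "rb"))`.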