If you own a website or help maintain one, it’s important to make sure that you’ve taken some basic measures to prevent the different types of website attacks. In this new article, Zack Barton covers 5 quick steps to beef up your website’s security, and / or stop a current website attack. This can be applied whether you’re using WordPress, or practically any other popular content management system.
The first step we recommend taking is backing up your site and updating it. If you’re using a content management system such as WordPress, make sure you update to the latest version. You don’t want to leave anything outdated, and you don’t want to leave any old unused plugins or user accounts laying around. So make sure you update your content management system, as well as any plugins or extensions you’re using.
Our second recommendation would be to force a password reset to all existing admin users. This is obvious to most, but some don’t know that passwords should be very hard to guess of course. So you want to make sure you’re using mixed case, letters, numbers, special characters, etc.. If you’re a WordPress user, we do recommend a plugin for this. It’s free, and it’s called Emergency Password Reset.
The third recommendation we would make in this case would be the Expire Passwords plugin if you’re a WordPress user. This forces all admin users to reset their passwords every 30 days.
The fourth recommendation we would make would be to limit the number of login attempts. If you’re a WordPress user, you can user a free plugin for this called Limit Login Attempts Reloaded. This would set something up where you would only allow three login attempts per IP address. And if you’re using any other content management system, of course, you can find something very comparable out there.
Our fifth and final recommendation would be to prohibit access to your admin from any countries that you normally wouldn’t login to your admin from. Some would call this geo-blocking, and the idea here is to stop people from even accessing your admin login screen if they don’t live in the country or countries that you normally live in. For example, if your website is in the United States and you never plan to leave the country, you can go ahead and safely block all other countries from even accessing your admin login screen. This is very easy to do if you’re a WordPress user, with the free plugin called iQ Block Country.
Those are our recommendations for beefing up site security or stopping a current attack. Please be sure to comment below if you found these recommendations useful or if you have any additional thoughts to share. Thanks again, and have a great day!