Old 05-16-2013, 10:59 AM   #2
maverickstruth
Join Date: Mar 2006
Location: Calgary

The most important thing is strong password selection. Most WordPress hacks are brute force password attacks. Remember, a strong password is one that is long, not necessarily one with special characters and all that crap that people think makes them strong. This xkcd explains it really well: http://xkcd.com/936/

Now, aside from that, the other thing I do on my sites and my clients' sites is to install the Limit Login Attempts plugin to give further protection against brute force login attempts.

Also, get and use an automatic database backup plugin so you aren't relying on your host to have a backup.

Other things:

Create a second administrator account and delete the first one, so that you don't have a "user 1" in your database. And don't use 'admin' as the username.

Keep your plugins, themes and WP install up-to-date, even on sites that you maybe don't use or actively post on any more. Use only quality plugins and themes from authors with a good reputation and solid support (updates are a good indicator of this, as is a forum presence).

Those are the main things that come to mind, but if I think of more, I'll post again. Really the biggest thing is password security.