If you’re worried about people getting into your WordPress blog, I want to let you know the ways they normally do it so you can easily safeguard against these attacks. Fortunately computer hacking is nothing like you see in the movies. They don’t plug in a fancy computer and run a bunch of numbers, usually the way people get into your website, into your WordPress blog is through some pretty simple and common means, such as an out-dated version of WordPress, out-dated plugins with vulnerabilities, and simple easy to guess usernames and passwords.
Did you know that Al Gore’s blog has been hacked, CNN blogs have been hacked, and these all happened because they used older versions of WordPress. But as soon as these high profile blogs were hacked, the creators of WordPress released a newer version that prevented these kinds of attacks.
That’s why it’s a very good idea just to keep your WordPress version up to date.
Usually when they fix a problem, it’s a very-very small and obscure bug and you can upgrade the latest version in just one click. In your WordPress dashboard, go to the updates area and they will tell you either that WordPress is up to date, or that it needs an upgrade. Click that button and you are good to go.
Now what good is having up to date WordPress version if some of your plugins still contain those security holes, If you are really worried about it then do a few Google searches for the plugins you’re using on your site and see if anyone has reported security holes or flaws with these plugins or themes. A very famous security hole in the past was called Tim-some, which was a way to resize images in a theme so you could have WordPress theme and upload a picture or a logo to that theme, and for some reason the way that it processed that, the way that it resized that image allowed someone to gain access to that WordPress blog.
If you happen to have one of those plugins or themes, all you had to do was do a quick search and update the latest version of that plugin or theme, that fixed the issue. Now on a very-very rare basis, some plugins are simply no longer updated, but if they aren’t a Google search will tell you this, that you are using an insecure plugin that has no updates, and in that case it’s a good idea to stop using it and find an alternative.
And finally, even with the most up to date WordPress and most up to date plugins, most people gain access to your WordPress by simply guessing. By simply trying to login using the username Admin and password Admin, or username Admin and password Test. So what you should do is delete that Admin user and set up a user account using your first and last name, and a password containing letters and numbers that no one will ever guess.
Those are some very easy ways that hackers get into WordPress that you can protect yourself against. Keep WordPress up to date, keep plugins up to date, and in fact, Google the names of those plugins to make sure that there are no vulnerabilities and use hard to guess usernames and passwords in WordPress.