Welcome to the Imperfect Start Blog.
Yes, I know. Starting imperfectly is not the way you want to start your online business.
It is also not my intention or the purpose of this blog to start you down the wrong path, quite the opposite.
I am still making my fair share of screw ups. Some are unexpected; some are unnecessary and could have been easily avoided.
If you have just started or thinking of starting your online business, your WordPress site is probably the first business asset you will be creating. It may even be your livelihood in the days to come. It is only right that you implement some basic security right from the start. Here are some stuff you can implement right now.
By default, WordPress allows unlimited login attempts. Even with the most secure of password, your WordPress admin panel can be easily broken into.
They are automated tools that speed up the break in process and can crack even the most secure passwords. It may take days or months for them to force their way into your site but such “brute-force” attacks could slow down your website while trying to break into your site.
And once they break in, you can say good bye to all the work you put into your site.
Don’t leave things to chance.
In this video, I point out some simple things you can do now to protect your WordPress site:
(Sorry Video Not Working!)
The first plugin I mentioned is called Limit Login Attempts. Install this plugin to limit the number of times people can attempt to login to your WordPress admin panel before they get blocked. This helps stop those who try to break into your WordPress admin panel using different passwords.
You should install Limit Login Attempts through your WordPress admin panel as soon as your site is created. Once your site gain more traction, you might want to consider more robust measures to protect your site.
Another plugin to consider is Stealth Login Page. What this plugin does is it adds another level of security in the form of a login authorization code. Those who did not enter the additional authorization code or enters the wrong code will be redirected to a site of your choosing. This is an additional layer of security to consider and it works with Limit Login Attempts plugin.
Lastly, make it a habit to manually back up your WordPress site before doing any changes to your site like installing new themes or plugin; even if you have auto backup options installed on your site. It really easy to do from your WordPress admin page. Just go to Tools –> Export and you can download a backup copy of your site.
Note: This does NOT replace the need for good security practices such as not using admin as your username, having a strong password and having a good secure hosting environment.
Photo credit: Nikolay Bachiyski