You have built a site with your heart and soul. One day you will see that you no longer have access to that site. How does that feel to you?
Of course, it’s horrible. It happens when you don’t take proper steps to protect your website.
There are some common mistakes site owners usually make. If you’re running any website on WordPress CMS then you have to keep an eye on these mistakes to protect your site from potential threats.
So in this blog, I am going to share some of these mistakes and how to keep aware of them.
1. Using “admin” as a username
I have been using WordPress for so long. It’s since 2018 almost 4 years. The most common mistake new user site owners make is using the default. Earlier versions of WordPress had a default admin user. Unless you don’t delete it, it will remain on the site.
This can cause problems with WordPress security. It can make it simple for someone to log into your website. If a hacker wants they can try a lot of different passwords using this admin username. They could even try this using a computer to try hundreds of passwords every minute.
This was the scenario of the past days. WordPress is now even more smart. They allow users to create their primary password. If you have not changed your site’s older username, it’s time to remove it.
Way to delete the older user
It’s very simple to delete the older user. To delete the user-
- Navigate to Add New from your site dashboard User tab. Now create a new user and set the role to administrator.
- After that, get back to the User page and delete the old user
WordPress system will ask you if you want to delete or re-assign all the assigned blogs and posts from the old user. Choose the second option otherwise, you’ll lose all the contents and posts.
There is also an alternative to this. You can simply use a plugin Easy Username Updater to change your admin user. To achieve this you have to-
- Install Easy Username Updater on your site. Go to Plugins >> Add New and search for that plugin.
- When the plugin is installed, go to the User tab again and click on the Username Updater
- On the updater page, set a new username and click on the Update button
2. Using a Poor password
Poor password is a kind of threat. If you’re using a very weak password like “112233” you’re providing your access to hackers.
Usually, a nine-character password takes five days to break for a hacker and ten-character words take four months to break.
I recommend using a 16-character password for any website. This is the only way to keep your site safe and secure.
Steps to update the existing password
It’s very easy to update the existing password. You can update the password by
- Navigating towards the Users page. Click on the Edit button of the user you want to update the password. After that, scroll down and click on the Set New Password button. When you see the new password showing click on the Update User button.
Now your new strong password is set for your site. If you’re thinking of providing your name or email as your own password please keep these on your head.
- Never use your username on the password
- Do not use the Website name
- Avoid using dictionary words
When you’re providing any password on a WordPress site make sure it is only for that site. Do not use the same password for multiple sites. Use a mixture when you’re creating any passwords.
3. Not Using Security Plugin
If you did all the security steps to protect your site still this could happen. For this, you have a solution for your WordPress website. You can use any security plugin to protect your website from hackers.
Some popular plugins for website security
There are some popular WordPress plugins available for websites. Here are some of them –
- All-in-one WP Security
- Anti-malware Security
Wordfence: Wordfence is known as the most popular WordPress security plugin. It’s free to use for malware detection, exploit detection, and threat assessment features.
This plugin also has a built-in WordPress firewall.
Succuri: Succuri is also known for its popularity. It also comes up with multiple features like security activity auditing, file integrity monitoring, security notification, and some other features.
All-in-one WP Security: All-in-one WP Security is also a top-rated security plugin with more than 1Million+ users across the globe. This plugin provides features like Web application security, web content security, Androide verification, and many more useful features.
Anti-malware Security: Anti-malware security is also a popular firewall security plugin for WordPress. You can easily scan your WordPress site using this plugin. With this plugin, you can completely remove known threats, malware, and database injections from your site.
You can use any of these plugins but remember installing the plugins will not work for your site. You have to take proper measures for everything. You need to keep an eye on the updates and notices shared by the security plugin.
4. Outdated Plugin
Plugins are the root of any website after hosting any site to WordPress. Plugins help you to build your site from scratch and it can ruin your site within seconds. So, it is important to know how a plugin can crush your site or how plugins on your site can be maintained.
How outdated plugin causes issues on the site
Outdated plugins can ruin your entire business if they are not taken care of properly. The most common issues that occur by outdated plugins are-
Security Vulnerabilities: Outdated plugins are more likely to have security issues. Hackers or spammers can take the chance to get unauthorized access to your WordPress website and inject malicious code.
Compatibility Issues: As a web content management system (CMS) like WordPress, outdated plugins may not be compatible with the WordPress latest version. It can lead to device display issues, broken features, or even site crushes.
Bugs & errors: Outdated plugins may contain bugs or critical errors that have been fixed on the latest version. These bugs can lead to issues like broken links, malfunctioning forms, or any other unexpected errors on your website.
Incompatibility with other plugins: An outdated plugin may cause different problems. This can cause conflict with other plugins, causing unexpected behavior and site instability.
What to do with an Outdated plugin
As a website owner, you have to keep all the plugins up-to-date. So the question is how you can check the outdated plugin. It’s very simple to check the outdated plugin. If you’re new then follow the steps below-
- First, navigate to your site dashboard plugin page. On the plugin page, you’ll find the Update notice
- You can also check it from the update bar on your site dashboard. You can easily make these plugins up-to-date. By clicking on the update button your plugin will be updated.
One thing, before updating any plugin you have to take a backup of your site. If the plugin is older by several years then you should look for an alternative to it.
Some Additional Tips for the WordPress Website Owners
Before finishing, I want to add some more tips that can help the site from being hacked or if anything goes wrong with your website.
- Make sure your WordPress site is properly protected. For this, you can use SSL for your site. You can also set Cloudflare. This is a popular web application firewall that protects any website from being a harmful attack.
- Perform daily backups. You can tell your site hosting provider to take regular or weekly backups to your website. Otherwise, you can use free backup plugins that are available on the WordPress repository.
- Use popular themes and plugins on your website. There are many popular themes that are maintained regularly. It’d be a good choice if you choose one of them when building your website.
- Never share credentials with anyone. Instead, use a plugin that provides a temporary login to someone to log in to your site.
Website owners have to face a lot of issues while running a website. These are like giving huge tension to them. If you’re a website owner then you must follow the above solution for your website. This will at least give you relief from the uncertain issues.
For better website performance, there are no alternatives to this. So, you have to take regular backups, use up-to-date plugins on your website, do regular updates to them and the most important thing is set protection. So, any spammer or hackers won’t be able to do any harm to your website.
About the Author
Mustakim is a Support Engineer and a Business Developer. He loves sharing his knowledge to help the people. He is actively involved in developing a business for Pluggable.