Hi there What's the best way to protect my wordpress site from hackers? I had my site hacked into before, and it took a while to clean it up. I noticed you can change the user-name during the installation from 'admin' to a new name. I was wondering if this is one of reason for hacking, using the 'admin' user-name? Any advice? Thanks in advance CHEERS
Probably the best way is to keep the WordPress versions up-to-date, and if you're using cPanel for your hosting, you can do a full cPanel backup so that it's easier for you or your host to restore the site later on in case anything happens to it. Using the username admin is probably OK, although it is usually best to type in your passwords on your own computer at home, and keep the password for your site separate from other passwords. More complicated passwords would help too.
The best is not using Admin. Example, you have a login username admin (recommended not to), but whenever you create a post, your "admin" should be changed to other nickname, like your own first name or something. This way, people can't guess what your login name is. There are so many ways to secure wordpress, i also don't do them all, but most important, change cpanel pass and login pass regularly.
search the plugin directory for terms like secure and wp secure, virus, etc then if you really want to secure it modify htaccess to deny access to files
Thanks guys. I didn't know you could back up a Cpanel. True, I will have a look at the plugin for a wp secure and then change my Cpanel password on a frequent basis. Sweet.
I put together a blog which describes the set of security plugins that I use. I also gave the reason why I use them. If you have any questions, please feel free to ask: 22 Best Must Have WordPress Plugins Also, you should change the prefix that you use for your databases when you are installing WordPress for the first time.
After installation login with admin, create a user and give him administrative rights. Remove administrative rights from admin user. Besides that, latest WP asks while installing which user to create, so there is no user with the name admin by default. There are several plugins, e.g. antivirus, that scans your theme files. I am using a backup plugin to make a backup of the database every day (can be mailed to you or stored somewhere on the server). Another good "thing" is to rename the wordpress folder (if you have any) and do NOT install wordpress in the root.
There are numerous ways to help, PM me if you need hlep. There are plugins, tutorials etc out there that can guide you through it. Keeping up to date software and working with some settings within wordpress can lock it down.