Hackers love targeting WordPress fansites and our servers are constantly seeing hackers attempt brute force logins among other techniques like SQL injection. The best way to prevent your fansite from getting hacked is to follow our guide to locking down your WordPress install!

  1. Install WordPress in a Subdirectory: See Instructions
  2. Give WordPress a UNIQUE table prefix:
    • This is very easy to do BEFORE you install wordpress. During install look for the field that by default has wp_ in it. You simply need to change that to something unique like wp_yourfansite
    • This is NOT easy to do after you have already installed wordpress, but it can be done: See Instructions
  3. DO NOT use the default “admin” login for wordpress.
    • Create a new admin account named “Josh” or something like that then login with the new admin and DELETE the old “admin” account.
  4. Use very long and SECURE passwords. Your password should be OVER 32 characters if you want it almost impossible for brute force to break.
    • Bad password: 00550555mD
    • Good Password: dg&*^&jJHGkkjhG**l;:JUHC$#VjhjhtUYKjhbg (no reason not to use a long password, not like it isn’t saved for you by your browser) If you lose the password you can easily use the “lost password” link to reset it, just be sure you use a valid email associated with your admin account. If you lose access to your site just send us an email for help!
  5. Disable the WordPress theme & plugin editor: This means you will NOT be able to edit your theme or plugins inside wordpress!
    • Open the file wp-confip.php and add the line of code: define(‘DISALLOW_FILE_EDIT’,true);
  6. Other steps you can take to harden wordpress: See Guide

If you need any help securing your wordpress install then please just contact us and we will help you secure your fansite.