GPWA Times Magazine - Issue 32 - June 2015

to problems. This is not a recommended approach, as you might lock yourself out. When searching for ways to make your WordPress site more secure, you'll prob- ably stumble upon advice to use two- factor authentication. With two-factor authentication, a code is delivered to your e-mail or phone every time you log in, and you enter that code in order to log in as the administrator. This is irri- tating, time-consuming and redundant. Just changing the admin username will do the trick, and password-protecting the /wp-admin directory will make it a fortress. Use strong passwords Use strong passwords for everything— WordPress administrator login, author login, FTP, e-mail, MySQL user, cPanel and everything else. While it's unlikely that you'll be subjected to brute force or dictionary attacks, password strength is still vital. If someone steals your pass- word, all is lost. Use passwords at least 12 characters long that include uppercase and lowercase letters, numbers and sym- bols. Don't use the same password twice. Change all of your passwords periodi- cally, every year or so. Ensure your own computer is free of malware If your computer is infected, an attacker can potentially gain access to your pass- words, bypassing everything else you've done to secure your WordPress site. It's important to keep the machine you're us- ing to administer your site free of viruses and malware. Scan often, scan with more than one security tool and don't visit sites of questionable quality on the same com- puter. In other words, don't watch porn or download torrents with the same machine you're using to run your website and log into your affiliate accounts. A 2012 study by website security company Incapsula concluded that 51 percent of all website traffic is nonhuman. Five percent of all traffic is from automated hacking tools searching for vulnerabilities, and 2 percent is from automated comment spammers." 35 WordPress security essentials