Tip 4 Encrypt Your WordPress Login - Administration

A standard way of encrypting the logins is to use secure protocol HTTPS. However, this can be both expensive and technical for beginning webmasters to install. The simplest way you can still encrypt the WordPress login is to use the "Semisecure Login Reimagined" plugin: http://wordpress.org/extend/plugins/semisecure-login-reimagined/

Why do you need to encrypt your WordPress logins? When you log in, your browser sends the data to the server in plain text. This means that your username and password information travels over the Internet in a plain text format that anyone can understand -- and anyone can snatch it using network packet sniffing tools. These usernames and passwords can then be used by those with malicious intent to exploit your website.

Below are the steps you need to take to install and configure the "Semisecure Login Reimagined" plugin.

1. Download the plugin here: http://wordpress.org/extend/plugins/semisecure-login-reimagined/ 
   
   
2. Once downloaded, right click on the package and click "Extract here."
   
   
3. This will extract the folder named semisecure-login-reimagined.
   
   
4. Upload this folder to the wp-content/plugins directory of your WordPress website.
   
   
5. Log in to your WordPress admin panel and then go to the "Plugins" section.
   
   
6. Activate the Semisecure Login Reimagined plugin.
   
   
7. Under "Settings" click the "Semisecure Login" link.
   
   
8. You need to generate a strong key. Under the "number of bits," change "2048 bits" to "3072 bits," and then click "Generate Key."
   
   
9. Once it's completed, change your WordPress admin password by going to "Your Profile" under "Users."
   
   
10. Log out from the WordPress admin panel and clear your browser cache and entire history.
    
    
11. Try logging in with your new WordPress admin password. This time, this password is encrypted on its way to your WordPress website server.

Tip #5: Back Up WordPress and Update Core Files

This is very important. Once you see a warning in your WordPress admin dashboard telling you to update because a new WordPress version has been released, you need to update your core files immediately -- provided you have completed backups of your WordPress database and theme files.

Read this important guide pertaining to the technical procedure on how to back up WordPress files and its database: http://codex.wordpress.org/WordPress_Backups

It is advisable to install your WordPress on a local web server, such as XAMPP in your computer. And then you should use your backup database and files. The objective is to test whether you have a fully working WordPress backup.

You can read this important guide on how to back up your WordPress website and database without using a commercial solution. It also lets you test backups in a local server: http://www.devshed.com/c/a/Administration/How-to-Back-Up-WordPress-Files-and-Databases/

Tip #6: Take Care of Your WordPress Admin Logins

Despite your efforts to provide encryption and security to your admin directory, things can still go wrong if you fail to take care of your WordPress admin logins.

Below are some important guidelines on how to protect your WordPress admin logins inside and outside of your computer:

1. Never upload a text file or any document file (such as MS office documents) containing a password online, or in your server, or any place in the Internet.

This is very risky, because search engines like Google are known to index hideous places in your server. And of course, malicious users can mine your password in the Google index. Even in 2011, you can still find a lot of WordPress websites where the administrators are not aware that their passwords are being published online through a document file, etc.

2. Never share admin login credentials with the other members of your team. The best rule of thumb is that only the team leader has the admin logins. This will minimize the occurrence of password leakage on the part of your team.

3. Put your admin password in a safe place. The most recommended safe place is KeePass: http://keepass.info/ , which will store the password in an encrypted database.

4. Change your admin password once every three months. This is a good security practice that is even applied by most online banks.

Tip #7: Read the Final Advice on WordPress Security

WordPress has indeed written a very useful guide on hardening WordPress here: http://codex.wordpress.org/Hardening_WordPress

If you are a beginner or interested in further securing your website beyond those tips, it is highly recommended that you read the guide and implement it on your WordPress website.

There are also great security plugin solutions, such as Bulletproof Security: http://wordpress.org/extend/plugins/bulletproof-security/ but it is recommended that you understand the basic security concepts before diving in and relying on all-plugin-based solutions.