Essential WordPress security
We know that having your site hacked is not fun. There are a handful of potential security risks, when running a website, that we have no control over. You, the website owner, need to pay attention to these potential security risks, in order to keep your website safe.
With that in mind, here are a few things you can do to improve your WordPress security.
1. Maintain strong passwords
Let’s kick off the list with the easiest step you can implement immediately. Excuses like, “But I want one password for all of my sites so that I won’t forget!” or “My (generic) password is good enough, and what are the odds that someone is really going to try to hack me?” are not acceptable.
A popular site like Copyblogger, sees 275 unauthorized login attempts … every hour.
So if you aren’t using a password that’s at least ten characters, with numbers and letters, capitals and lowercase … you’re doing it wrong.
2. Always keep up with updates
WordPress updates are not just released for the Google News search results. They are released to fix bugs, introduce new features, or, most importantly, to patch security holes.
Will WordPress (or any software program, for that matter) always be one step ahead of the hackers? Of course not. Quite the contrary. For the most part, as with performance-enhancing drug testing in sports, software is always going to be one step behind the hackers. That’s just how it goes, it’s the world we live in.
But when major security holes are known — and patches are available — there is no excuse not to implement them. Thus, there is no excuse not to keep up with WordPress updates.
3. Protect your WordPress admin access
Should you change the name of the default “admin” user that every WordPress installation starts out with? Sure, you can. It certainly isn’t going to hurt.
4. Use secure hosting
Not all web hosting providers are created equal and, in fact, hosting vulnerabilities account for a huge percentage of WordPress sites being hacked. When choosing a web hosting provider, don’t simply go for the cheapest you can find. Do your research, and make sure you use a well-established company with a good track-record for strong security measures. It’s always worth paying a bit extra for the peace of mind you get from knowing your site is in safe hands.
5. Clean your site like you clean your kitchen
Clean up and organize your file structure like you would your kitchen. It will keep you safe in more ways than one.
6. Keep a backup
I can’t overemphasize the importance of making regular backups of your website. This is something that many people put off until it’s too late. Even with the best security measures at your disposal, you never know when something unexpected could happen that might leave your site open to an attack.
If that happens you want to make sure all of your content is safely backed up, so that you can easily restore your site to its former glory.
7. Use security plugins
As well as all of the measures above, there are tons of plugins you can use to tighten your site’s security and reduce the likelihood of being hacked.
Here are a handful of popular options:
- wordpress.org/plugins/better-wp-security/ – offers a wide range of security features.
- wordpress.org/plugins/bulletproof-security/ – protects your site via .htaccess.
- wordpress.org/plugins/all-in-one-wp-security-and-firewall/ – adds a firewall to your site.
- wordpress.org/plugins/sucuri-scanner/ – scans your site for malware etc.
- wordpress.org/plugins/wordfence/ – full-featured security plugin.
- wordpress.org/plugins/websitedefender-wordpress-security/ – comprehensive security tool.
- wordpress.org/plugins/exploit-scanner/ – searches your database for any suspicious code.