How To Secure Your WordPress Website
How To Secure Your WordPress Website
WordPress websites are only as secure as you make them. Many common security flaws that people make such as the same passwords for everything, or unsecure passwords being used to log in to the website are the common way for hackers to break into your website and cause havoc.
However there are more ways that hackers can get into your website that you may not be to familiar with. Old versions of WordPress, Themes and Plugins are a popular way for WordPress hackers to attempt to access your website.
Here are some of the top ways to keep your website secure:
- Keep WordPress up-to-date.
WordPress is great at notifying you of updates that need doing to keep your site up to date. WordPress, Themes and plugins often get updates to combat security flaws that have been discovered since the item was launched. If your website isn’t keeping on top of these updates, your version may be left behind and attacked by people who have exploited this loophole.
- Delete plugins or themes you are not using.
Getting rid of themes or plugins that you are not using is good practice to keeping a clean website, and also reduces the liklihood of being hacked, as if you are not using these, then the chances are you are not going to be updating them!
- Don’t use admin as your username.
Admin is the most popular log in name for WordPress websites, and reduces the level of security provided by default straight away if a hacker is attempting to enter your website this way.
- Change your password often.
Random strings of numbers and letters are the best for security, there are many password generators available online, if you don’t want to make one up yourself. This also applies to any guests that can log in to the website.
- Create Backups.
I don’t mean one backup every 6 – 12 months. You need regular scheduled backups. There has been lots of times a backup has saved our skin after something unplanned happened. Recent backups also help preserve the work that you have done in recent times. Imagine if you have wrote a few blog posts and done quite a bit of work on your website, when something happens and you have to restore your website from a previous version. If your backup is from 2 months ago, you will lose all the work that has gone into your site in the last 2 months. Speaking from experience, this is annoying to say the least.
- Use good, secure hosting.
Not all web hosting providers are created equal and, in fact, hosting vulnerabilities account for a huge percentage of WordPress sites being hacked.
When choosing a web hosting provider, don’t simply go for the cheapest you can find. Do your research, and make sure you use a well-established company with a good track-record for strong security measures.
It’s always worth paying a bit extra for the peace of mind you get from knowing your site is in safe hands.
Contact Interact-IT to discuss your Hosting.
WordPress Security Plugins
There are certain plugins that can also help you protect your website from attacks, these can block certain users from attempting to access your website, to blocking entire countries from visiting your website. Wordfence is a plugin that we have used in the past and highly recommend. A website that we host was being constantly attacked by thousands of different people from a small number of locations. We blocked the majority of these attackers by blocking the IP addresses of the attackers, as the majority all started with the same numbers, the Wordfence plugin allowed us to do this easily, and also lets us know anytime a suspicious login attempt is taking place.
Here are some other plugins that you may find useful to secure your website.
- better wp security – offers a wide range of security features.
- bulletproof security – protects your site via .htaccess.
- all in one wp-security and firewall – adds a firewall to your site.
- sucuri scanner – scans your site for malware etc.
- websitedefender wordpress security – comprehensive security tool.
- exploit scanner – searches your database for any suspicious code.