WordPress started out as a simple blogging platform, and it has grown to one of the most popular CMS platforms. Millions of sites have been built in WordPress, and that number continues to grow as WordPress continues to increase their offerings with not only their software, but other plugin options as well. With growing popularity, the number of hackers that target WordPress sites is also steadily growing, which is why it’s important to ensure that your website is properly secure from any potential threats.
WordPress itself is a fairly secure environment, and it’s community is always looking for any security issues that need addressed, which is why you often see WordPress updating their software versions to a more secure environment. It’s important to know that while WordPress has its own checks and balances, you too need to protect your website to ensure that your site is locked down against any security hacks.
Below is a list of my top 6 security recommendations for your website:
- Use a reliable hosting provider.
8% of WordPress Hacks are from weak logins and 25% is from out-of-date plugins or themes. Can you believe that the most common way a WordPress site is hacked is due to outdated security on the server side? That’s right. First and foremost, if you want to have a secure WordPress website, you must have a reliable hosting provider that keeps its structure current and security updated.
- Always keep up with your updates.
WordPress is very good about notifying you about software checks and balances, but it’s up to you to implement them. Consider all WordPress sources from the software itself, to theme files and even plugins. Use as few plugins as possible and keep them updated. If WordPress notifies you of an update, do some research and make sure that you are ready to update. Chances are if they are offering an update they are patching a security risk that has been made. If you have any unused plugins, delete them as they rarely get updated and they are as much of a security issue as the activated ones.
- Protect your WordPress admin login.
Admin. Password – Pretty common for people who hate keep up with passwords. Usernames & passwords like the standard I just listed can get you into a lot of security trouble. Change the default username from admin to something else and make your password difficult. A good rule of thumb is to make it something unique to you and replace letters with symbols and numbers. If you aren’t using a password that has at least ten characters, with numbers and letters, capitals and lowercase … you’re doing it wrong. Here is an 3x@mplE (like what we did there)?
4. Block access to your wp-config.php
This is a very important file that has your database user and password. However, it is easy to protect by just adding this little strip of code to your .htacess file.
<files wp-config.php>
order allow,deny
deny from all
</files>
- Guard against brute force attacks
Some of the more popular sites get thousands of failed login attempts a day. Your web host should be helping you guard against these, by monitoring where they come from and then locking out the offending IP. There are programs that can be installed that also helps limit login attempts, which makes it more difficult for these types of attacks to work.
- WordPress security plugins.
There are a number of security plugins available, in fact, many do a few of the above steps with just a few clicks. Some offer malware scans and other useful features, like blocking the number of login attempts, database backups and hiding your WordPress version. Some of the more popular ones are; Sucuri Security, Wordfence Security, iThemes Security.
As someone who has “cleaned” up a couple of hacked WordPress sites, I can attest that these simple precautions are well worth the time and effort, and does not take near the time or energy it takes to recover from a successful hacking.
Presenting Experienced Web Development strategies, SEO recommendations, and Digital Marketing services to Orlando, Atlanta & Wichita businesses.
Thanks for reading. If you enjoyed the blog, please share.
Best,
Rick
