Security is as important to your website as its monetization. Since WordPress is an open source platform, its source code is available to the public for modification.
You don’t want to give a hacker free access to the very powerhouse of your website.
Taking a few precautionary measures to protect your website is a step in the right direction.
Today I will be teaching you the basics of WordPress security.
1: Don’t use the “default” admin username
WordPress comes with a default username “admin”.
An experienced blogger or WordPress user always knows the importance of deleting this default username and coming up with a customized username.
Come to think of it, it’s just human nature to identify with originality. So for the sake of originality as well as security – don’t use ‘admin’.
Besides being very common, every hacker’s first attempt at hacking a WordPress website is trying the username ‘admin’ and then trying to guess the password.
That gives them 50% of the access right there.
That brings me to my next tip.
2: Use strong passwords
If you remember nothing else from this article, remember this:
Avoid Clowns With Red Balloons AND ALWAYS USE STRONG PASSWORDS.
Strong passwords are NOT your dog’s birthday or some easy to guess number or phrase.
A strong password is a combination of 12 or more unique characters: upper and lower case letters, numbers and special characters like $#*.
Tools like RoboForm and LastPass come in handy for generating strong, unique passwords and remembering them.
Also, don’t write passwords on post-it notes and stick them on your monitor for the world to see.
Plus it is a good idea to change that login password regularly.
I believe both RoboForm & LastPass have built-in reminders to let you know when it is a good idea to change those passwords. There are some security plugins for WordPress that can do this also & I’ll get to the plugin stuff in a bit.
3: WordPress Hosting
Lately, the big players in the website hosting industry have been going the extra mile to protect their servers against threats. The onus is still on you, though, to do your research and find hosting for your WordPress site with a reasonable level of security.
Shared hosting, where multiple users share the same server, is vulnerable: the risk of a hacker attacking a neighboring website is very high.
Hosting providers like A2 (affiliate) and Liquid Web (affiliate) provide very reliable hosting with a good amount of security. Plus their support is top notch.
4: Install a WordPress backup solution
We understand that there is no ultimate solution to internet security. Even the White House can be hacked.
The idea is not to eliminate but to reduce the chances of being hacked.
Backup solutions help you recover your files and information in case of any problem or attack. Ideally, we suggest storing the backups on a cloud service like Amazon or Dropbox.
Do NOT store those backups on the server where the site is located.
If the site is compromised then there is a chance those backups are as well.
5: Install a WordPress security plugin
For security reasons, you may want to keep track of what happens on your website through file integrity monitoring, tracking of failed login attempts, malware scanning, etc.
The good news is, there is a unique plugin that can take care of these and the coolest part is, it’s free! The name is Sucuri Scanner.
A quick search on WordPress.org will give you more possibilities.
6: Delete unused plugins & themes
Delete all unused plugins & themes, as they can create loopholes that hackers can use to easily gain access to your website.
Old and unused plugins and themes are some of the primary factors that can attract malware attacks and many other website issues. Only download plugins and themes from a well-known source. It is advisable to download your plugins and themes from WordPress itself, since they will have been scanned before being placed on their site.
There are more security measures you can put in place, like 2-step authentication, a Web Application Firewall and adding code to your site’s .htaccess file, but the items I’ve covered here are a great start in discouraging the average hacker and getting them to move on to the next, less secure site.
One last thing: ALWAYS* keep your WordPress site core files up to date, along with your plugins and themes.
I would like to hear from you. What are the security challenges you are facing?
*Regarding updates to the main core files of your WordPress site: basically, wait 3 or 4 days after a major update is released before adding it to your site. Apply minor or security updates immediately.
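The checks behind tips 1 and 6 and the advice on plugin and theme updates can be run from the command line. The script below is an added example, not part of the original article: it assumes WP-CLI is installed as `wp`, and `WP_PATH`, `report`, `audit_wordpress` and the `check_*` names are hypothetical. It does not look at core updates.

```shell
#!/bin/sh
# Added example: read-only audit of a WordPress site using WP-CLI (assumed installed as `wp`).
WP_PATH="${WP_PATH:-/var/www/html}"   # assumed site root; override in the environment

# Print every non-empty stdin line as a finding; succeed only if there were none.
report() {
    found=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '[!] %s: %s\n' "$1" "$line"
        found=1
    done
    [ "$found" -eq 0 ]
}

# Tip 1: the default "admin" login should not exist.
check_admin_user() {
    wp --path="$WP_PATH" user list --field=user_login | grep -ix 'admin' | report "default username in use"
}
# Tip 6: installed but inactive plugins and themes are candidates for deletion.
check_unused_plugins() {
    wp --path="$WP_PATH" plugin list --status=inactive --field=name | report "unused plugin"
}
check_unused_themes() {
    wp --path="$WP_PATH" theme list --status=inactive --field=name | report "unused theme"
}
# Closing advice: plugins and themes with a pending update.
check_plugin_updates() {
    wp --path="$WP_PATH" plugin list --update=available --field=name | report "plugin update pending"
}
check_theme_updates() {
    wp --path="$WP_PATH" theme list --update=available --field=name | report "theme update pending"
}

# Run all checks; AUDIT_FINDINGS holds how many of them flagged something.
audit_wordpress() {
    AUDIT_FINDINGS=0
    command -v wp >/dev/null 2>&1 || { echo "WP-CLI (wp) not found" >&2; return 2; }
    wp --path="$WP_PATH" core is-installed || { echo "no WordPress install at $WP_PATH" >&2; return 2; }
    for check in check_admin_user check_unused_plugins check_unused_themes \
                 check_plugin_updates check_theme_updates; do
        "$check" || AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    done
    echo "$AUDIT_FINDINGS check(s) need attention"
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Run the audit only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "audit" ]; then audit_wordpress; fi
```

The script only reads state and changes nothing on the site. Its exit status is non-zero when any check flags something, so it can be scheduled and alerted on.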