Article written by Louise Kozlevcar
A website is a great investment to have in one’s business, and WordPress is an excellent publishing tool. WordPress is inexpensive and simple to use, but its popularity as a publishing platform also makes it a target for hackers, so what can you do to improve your WordPress website security?
How do you keep your website safe? And do you need to be an IT whiz to figure all this website security stuff out? Not necessarily!
Here are 5 simple things you can do right away to improve your WordPress website security!
1. Use a Secure Username and Password
When a hacker tries to log in to your website, their first guesses will be “admin” and “password”.
Not only that, but they will likely have a computer program automatically run through a list of common names, dictionary words and all possible combinations of “password1234” on your log-in page.
That’s why when you’re creating a new account on any website, you are asked to make a password with UPPER and lowercase letters, symbols, etc. The time and effort needed to guess combinations of letters, numbers, and symbols just isn’t worth it for a hacker.
2. Keep WordPress Updated
WordPress is constantly improved and checked by its authors to ensure that it is safe and stable for everyone.
However, hackers can take advantage of bugs found in old versions of WordPress and use these to insert ads and links to unsavory websites, shut your website down, or worse, insert other nasties that could potentially harm your computer or someone else’s. This can even spread to other people’s websites.
WordPress will occasionally update automatically if there’s a major security update, but it’s still wise to do this manually so that you’re always one step ahead of the risks.
You can tell if WordPress or your plugins need to be updated by looking at your dashboard.
3. Keep Plugins & Themes in Check
Plugins and themes are great as they add extra functionality to your website, but these may also need occasional updates to keep them secure and working well.
Most plugins and themes are not maintained by the same people who make WordPress itself. So not only could hackers take advantage of vulnerabilities in old versions, you’ll also want to check that the developer is still maintaining it.
Occasionally, a plugin that is not abandoned may instead change hands to a different author. You may want to keep an eye on it, in case this new author decides to insert sneaky pop-up ads or otherwise does not maintain it to the same standard that the previous person did.
Even if you are not seeing any negative changes from using your plugins, you may want to set a date on your calendar 6 to 12 months ahead to assess whether they are still the right tool to help you do what you want with your website.
You can find this out by checking for updates and reviews for each plugin on the WordPress plugin directory, or (if it’s a premium plugin) on the website where you originally downloaded it from.
If you see the above warning, many negative reviews, or lack of response from the plugin author in the comments section, it may be time to reassess whether you still need that plugin, or whether there is a newer and more stable solution.
REMINDER: Back up your website BEFORE updating WordPress, any plugins or themes. Just in case the update doesn’t work as planned.
4. Keep Backups of your Website – And keep your Backups Off-Site
In the unlikely event that something does go wrong, it’s always a good idea to keep backup copies of your website.
It’s also recommended to keep your backups off-site (that is, not on the same server as your web hosting), just in case the files on your web hosting server are compromised in any way, or if something goes wrong with your web host.
Some free backup plugins will come with the option to store your backups in Google Drive or Dropbox, but it may be wise to invest in a paid plugin that stores backups in a secure server.
My recommendations for this are UpdraftPlus, BackupBuddy and VaultPress.
5. Enable Brute Force Protection
There is a type of attack that hackers use against websites called a brute force attack.
As mentioned earlier in this article, hackers will try to break into your website with all possible dictionary words and combinations of “password1234”. This is usually run automatically by a remote computer, and not only is it an attempt to break in, but the repeated knocks on your door could also slow down your website.
Security plugins such as VaultPress or WPBruiser will detect if someone is trying to brute force their way into WordPress, and will lock them out. Most will give up and move along if they can’t force their way through.
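The lock-out idea described above can be sketched as a small check over a web server access log. This is an added example, not code from VaultPress, WPBruiser or the original article: it assumes a combined-format access log, it counts every submitted login form rather than only failed ones, and the name find_lockouts, the limit of 5 attempts in 5 minutes and the sample log lines are all made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Fields needed from a combined-format access log: IP, time, method, path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)')

def find_lockouts(lines, max_attempts=5, window=timedelta(minutes=5)):
    """Return {ip: time} for each IP when it reaches the (hypothetical) limit."""
    recent = defaultdict(deque)  # ip -> times of its recent login POSTs
    locked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, stamp, method, path = m.groups()
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue  # only submitted login forms count as attempts
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:  # forget attempts outside the window
            attempts.popleft()
        if len(attempts) >= max_attempts and ip not in locked:
            locked[ip] = ts
    return locked

def _line(ip, clock, method, path, status):
    """Build one constructed access-log line for the sample below."""
    return (f'{ip} - - [10/Mar/2024:{clock} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample log; the IP addresses are documentation-range examples.
SAMPLE_LOG = (
    # Automated guessing: six login POSTs, ten seconds apart.
    [_line("203.0.113.7", f"09:00:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 60, 10)]
    # A person who mistypes the password twice, then logs in (302 redirect).
    + [_line("198.51.100.20", f"09:0{i + 1}:05", "POST", "/wp-login.php", code)
       for i, code in enumerate((200, 200, 302))]
    # Five POSTs spread ten minutes apart never fill one 5-minute window.
    + [_line("192.0.2.55", f"10:{m:02d}:00", "POST", "/wp-login.php", 200)
       for m in range(0, 50, 10)]
)

if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG).items():
        print(f"lock out {ip} from {when:%H:%M:%S}")
```

Only the first address in the sample is flagged: the person who mistyped a password and the slow visitor both stay under the limit, which is why a lock-out rule needs a time window as well as a count.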
These are just a few tools and tips you can use yourself to keep your WordPress website security in order.
There are, of course, more safeguards you can put in place, but I would only recommend these to someone with more technical knowledge.
Also, I cannot provide a guarantee that following all these steps will keep your website 100% safe from all dangers. What I can say is that you can rest easy knowing that you are doing the best you can for your online marketing tool.
Has your website been hacked before? Do you have questions about the security of your site? Let’s talk about it in the comments below.