Keeping Your WordPress Site Secure
It's quite easy to get up and running with a WordPress website. In case you didn't know... I happen to offer WordPress development, so if you're in need of anything, do get in touch!
WordPress is great – we already know that. It’s the most popular CMS around – powering over 20% of sites on the internet. Like any piece of software though, it has its fair share of security vulnerabilities. Whether these are caused by code issues or through the use of outdated plugins, there are many steps you can take to strengthen your site security. I’m going to go through some of the steps I take when working on client WordPress sites below.
Keep plugins updated
One of the simplest things you can do to help keep your WordPress site secure is to make sure that any plugins are always kept up to date. Hackers will often try to target older versions of plugins, which can open you up to a whole number of vulnerabilities! WordPress has had automatic upgrades since version 3.7, so take note of them and stay updated! The same goes for your version of WordPress – be sure to keep this current.
Use strong passwords
This should go without saying – but avoid using simple usernames like ‘admin’ and even simpler passwords like ‘password123’! If you use credentials like this – your site deserves to be hacked!! According to WP Template, an estimated 8% of WordPress sites are hacked due to the use of weak passwords. Don’t fall into this category; use something like 1Password (premium) or KeePass to generate strong passwords.
Consider using a security plugin
This is a great way of helping to prevent a range of attacks, including brute-force attacks. If you want to lock down your WordPress install, I’d suggest using something like Wordfence – which will help block malicious networks, and provide you with more information about your site visitors.
The bottom line is, your site should be secured with an SSL certificate. Most modern browsers will now highlight any insecure sites to the user, and with Let's Encrypt offering free certificates, there's really no reason not to have one.
Secure the database
The database is the holy grail to devious hackers! If someone gains access to this – it’s pretty much game over. There are a few things you can do to ensure your WordPress database is as secure as possible though. For a start – don’t use the default ‘wp_’ prefix during the install. Change this to something random – it can be anything. Be sure to also use a strong database username and password – mix up those uppercase, lowercase and punctuation!
If you’ve already installed WordPress, you can use a plugin like WP-DBManager to make changes to your database.
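To check an existing install against the points above, here is a small audit of wp-config.php, added as an illustration and not taken from WordPress or any plugin. The sample config, the list of common usernames and the 12-character minimum are assumptions made for the example.

```python
import re
import string

# Constructed sample wp-config.php content (not from a real site).
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'admin' );
define( "DB_PASSWORD", 'password123' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""

# Simple line-based parsing: assumes one-line define() calls with no quote
# characters inside the value, and ignores lines commented out with //.
DEFINE_RE = re.compile(r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", re.M)

# Assumed list of easily guessed database usernames (illustrative only).
COMMON_USERS = {"admin", "root", "wordpress", "wp"}


def audit_wp_config(text, min_len=12):
    """Return findings for the table prefix and database credentials."""
    consts = dict(DEFINE_RE.findall(text))
    findings = []

    match = PREFIX_RE.search(text)
    if match is None:
        findings.append("table_prefix: not found")
    elif match.group(1) == "wp_":
        findings.append("table_prefix: default 'wp_' in use")

    user = consts.get("DB_USER", "")
    if user.lower() in COMMON_USERS:
        findings.append(f"DB_USER: common name '{user}'")

    # Report which character classes are missing, never the password itself.
    pw = consts.get("DB_PASSWORD", "")
    missing = [name for name, ok in (
        ("uppercase", any(c.isupper() for c in pw)),
        ("lowercase", any(c.islower() for c in pw)),
        ("punctuation", any(c in string.punctuation for c in pw)),
        (f"length>={min_len}", len(pw) >= min_len),
    ) if not ok]
    if missing:
        findings.append("DB_PASSWORD: missing " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for line in audit_wp_config(SAMPLE_CONFIG):
        print(line)
```

To audit a real site, pass the contents of its wp-config.php to `audit_wp_config` instead of the sample.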
Perhaps one of the most important items on this list! Ensure you have a regular site backup in place, so that in a worst-case scenario you may only lose 24 hours' worth of data. I’d personally recommend either VaultPress or UpdraftPlus if you're looking for a plugin, but most decent hosts will offer daily backups, though there's no harm in backing up your backup!
Unfortunately, nothing on the internet will ever be 100% secure… determined hackers will often find a way, but that doesn’t mean we need to make it easy for them! Make sure you’ve done everything you can to ensure your site is as secure as it can be.