It’s a sad fact that malware and website hacking are an all too common reality. Therefore, it’s imperative to seriously consider your WordPress website security and take appropriate steps to keep it out of the clutches of hackers.
Our list below outlines 20 easy steps you can take to maintain your WordPress website security at a high level, and give those pesky hackers the runaround!
1. Secure the login page
The standard website login page can easily be reached by adding /wp-admin/ or /wp-login.php to the website URL. Change this to prevent hackers from finding your login page with ease.
2. Change the admin username
Never use “admin” as the username for your main administrator account. Change it to something which hackers won’t be able to guess.
3. Password control
Ensure your passwords are strong by using upper and lower case letters, numbers and special characters. Change them regularly.
4. Use a login captcha
Add a captcha to your login page to prevent robots from continually trying to access your website.
5. Set up a lockdown feature
Use a plugin such as iThemes Security to lock down access after a predetermined number of failed login attempts. The user’s IP address also gets banned.
6. Protect the wp-admin directory
Use a password to protect entry to this directory which is at the heart of any WordPress website.
7. Use an SSL (Secure Sockets Layer) Certificate
This encrypts data between the browser and the website server, protecting it from attack by hackers.
8. Manage user accounts carefully
If you grant another user access, ensure that they too have a strong password. When the user no longer needs access, ensure you deactivate their access.
9. Set appropriate levels of access
Any user with admin access to your site can edit files, plugins and themes. Manage this by giving users only the level of access they need. For example, if a user only needs to edit pages and posts and add new images etc., then they only need “Editor” level permissions, not admin access.
10. Use security orientated plugins
E.g. Sucuri Scanner and WP Security Audit Log.
11. Use only reputable themes and plugins
Only ever use themes and plugins from reputable suppliers and ones which have been recently updated, which indicates they will be optimised as far as possible against malware threats and be compatible with others.
12. Delete plugins or themes that you don’t use
If you’re not using them, you’re likely to forget to update them. So best delete them to prevent hacking. This also helps to improve the speed and operation of your site.
13. Choose a secure hosting company
Opt for the best hosting you can afford, ensuring that the company addresses security vulnerabilities on its own host.
14. Make regular secure backups
Ensure your website is fully backed up so that, in the event of hacking, you have a backup to revert to. BackupBuddy is a great plugin which automatically backs up your site.
15. Monitor for Malware
Run regular Sucuri checks (which are free) but bear in mind that, depending on the infection, they don’t always show a problem.
16. Remove any malware as soon as possible
If your site has been infected, you may not be able to remove the malware yourself. So, in that instance, you will need to pay a WordPress specialist company to fix the problem.
17. Update core system
As new versions are released – WordPress versions are regularly updated to fix bugs and prevent vulnerabilities that have been identified in the previous version. Your dashboard helpfully shows when new versions are available. However, before doing any updates, ensure your site is fully backed up.
18. Update plugins
As new versions are released – check for new releases in the plugin section of your website. But before you update any plugins, ensure they are compatible with the core WordPress version you are using. Also, make that all-important website backup before you do anything.
19. Accessing your website
When logging in from your computer, ensure your PC is virus-protected by installing antivirus software (e.g. AVG, Avira, Comodo).
20. Use some common sense!
Never log into your website on an unsecured network!
We hope you find these 20 tips about WordPress website security useful and that you’ll crack on with implementing them – the sooner you do, the sooner you’ll be giving potential hackers a much tougher time!
If you need help to maintain your WordPress website security – or indeed have any other WordPress related question – why not drop us a line? We’re sure we’ll be able to help!