As the most popular content management system on the internet, WordPress is a favorite target for hackers. WordPress recently rolled out additional security to help address this issue, but it’s up to you to take matters into your own hands to ensure the safety of your site. How can you protect your customers and limit malicious attacks? Here are some suggestions to get started:
Find Reliable Hosting
Make sure your WordPress site is hosted with a reliable hosting company. We recommend Bluehost, but there are other companies, such as WP Engine, which also offer secure, reliable hosting. Web hosting is one area where you often get what you pay for: if the web hosting is free, it may not be as secure as other options available.
Run Backups
Make sure your site is running daily or AT LEAST weekly scheduled backups — depending on how often you update content on your site. (Some hosting companies will offer this feature as an add-on, but we also like Updraft Plus as an extra precaution.) Regular backups can mean the difference between a temporary delay and a complete shutdown of service for your online presence. If something were to go wrong with your site, you would have the option to restore a previous working version from one of your regular backups.
Update Your WordPress Site
Out-of-date plugins, themes, and even the WordPress database itself can leave your site more open to vulnerabilities. Always keep your site up to date and remove any plugins you are not using. We also recommend running a manual backup before performing updates, just in case a recent update causes an incompatibility issue. Need help? We offer monthly maintenance packages to make sure your site stays up to date.
Select Secure Usernames and Passwords
Generic passwords create an instant vulnerability hackers can leverage; use secure usernames and passwords on your WordPress site. Hackers like to attempt to log in using the default username “admin,” so take the time to develop unique administrative usernames. Also, don’t resort to simple passwords that are common or easy to figure out. Make sure your passwords are strong: use special characters, uppercase and lowercase letters, and numbers.
SSL Certificate
An SSL certificate puts website visitors at ease by encrypting traffic between their browsers and your website. SSL was once only necessary for e-commerce sites to protect customer payment information. However, Google now requires an SSL certificate as part of their ranking algorithm, and your site may trigger a security warning if you do not have a certificate installed.
Advanced Security
Need to really beef up your security? Additional measures include:
- Limiting the number of login attempts
- Protecting your wp-config file
- Removing editing capabilities of your WordPress template files from the admin dashboard
- Adding an extra layer of protection to your admin area
- Limiting administrative access to your site by IP address
- Monitoring your site and running monthly scans for malware
- Using a firewall and/or security plugin such as Sucuri for hardening your site
Careful — some of these advanced features require a clear understanding before implementing or else you could potentially damage your site.
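A read-only check for two of the measures listed above (protecting wp-config.php and turning off the dashboard file editor), added here as an example and not part of the original post. It assumes an Apache host that uses .htaccess; `audit_wordpress` and `demo` are hypothetical names, and the sample files are constructed.

```python
import os
import re
import stat
import tempfile

# Patterns: the wp-config.php define that turns off the dashboard file editor,
# and an Apache <Files>/<FilesMatch> section that names wp-config.php.
FILE_EDIT_RE = re.compile(r"""define\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)""", re.I)
HTACCESS_RE = re.compile(r"<Files(Match)?\s+[^>]*wp-config", re.I)

def read_uncommented(path):
    """Read a file, dropping /* */ blocks and whole-line // or # comments."""
    if not os.path.isfile(path):
        return ""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = re.sub(r"/\*.*?\*/", "", fh.read(), flags=re.S)
    return re.sub(r"(?m)^\s*(//|#).*$", "", text)

def audit_wordpress(root):
    """Return a list of hardening findings for the install at root."""
    config = os.path.join(root, "wp-config.php")
    if not os.path.isfile(config):
        return ["wp-config.php not found"]
    findings = []
    mode = stat.S_IMODE(os.stat(config).st_mode)
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("wp-config.php readable or writable by other users (mode %o)" % mode)
    if not FILE_EDIT_RE.search(read_uncommented(config)):
        findings.append("DISALLOW_FILE_EDIT is not set to true")
    if not HTACCESS_RE.search(read_uncommented(os.path.join(root, ".htaccess"))):
        findings.append(".htaccess has no <Files> section for wp-config.php")
    return findings

def demo():
    """Audit two constructed installs: one default-like, one hardened."""
    samples = [  # (wp-config.php body, file mode, .htaccess body), all constructed
        ("<?php\n// define('DISALLOW_FILE_EDIT', true);\n", 0o644, ""),
        ("<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n", 0o600,
         "<Files wp-config.php>\nRequire all denied\n</Files>\n"),
    ]
    results = []
    for config_body, mode, htaccess_body in samples:
        with tempfile.TemporaryDirectory() as root:
            for name, body in (("wp-config.php", config_body), (".htaccess", htaccess_body)):
                with open(os.path.join(root, name), "w") as fh:
                    fh.write(body)
            os.chmod(os.path.join(root, "wp-config.php"), mode)
            results.append(audit_wordpress(root))
    return results

if __name__ == "__main__":
    print(demo())
```

The script only reports; it changes nothing on disk, so it is safe to run against a copy of the site before editing wp-config.php or .htaccess by hand.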
And thanks to @DanielRufde, here are some additional tips to look into: https://websectools.com/