By: Rafal Kukla Updated on: August 13, 2020
WordPress security should be on your list of top concerns when operating a WordPress site. Website security and cybersecurity are topics of enormous importance in 2020, especially as the number of malware attacks and website hacking incidents has increased in recent years.
In this post we will show you why and how you should improve your WordPress site's security.
Why should you pay attention to your website's security?
For big tech companies and large organisations, outsourcing their WordPress site management to a professional organisation or hiring a WordPress security specialist is vital. Websites can be taken down by hackers and malware, and this could leave you out of business.
It's a scary thought, especially if you don't have a clue where to start and how to ensure your WP site has watertight security. If not taken seriously, your website could end up blacklisted. If your site is blacklisted, it could lose its search engine ranking. Your site could be permanently removed from search engines like Google. Blacklisting is already happening, and sadly Google blacklists around 10k websites per week because of other people's adverse actions.
If your income and working life depend upon your WordPress site, then you need to start paying more attention to the security of your website.
How to improve your WordPress site's security
Keep your WordPress site up to date
Keeping WordPress updated can be challenging, especially as you can't update everything you need with a single update. WordPress will automatically install minor updates, but for significant updates and releases, manual updates will be necessary.
If you have installed a theme or plugins on your site, you will also need to ensure that you are running up-to-date versions. This can be a challenge for some, as the updates can be quite regular, but staying up to date is essential to keeping your site running at its best.
Updating your themes, plugins and WordPress essentials is crucial for the security and overall performance of your website. You must ensure everything on your site is up to date!
Ensure you have strong passwords
The most common hacking method used to get into and take over WordPress sites is password hacking. Be careful whom you share your login password with. Ensure that you don't have your password written down on an unsecured laptop/computer or in a place where prying eyes could get hold of it.
Ensure you use a professional company like ForgetWP to manage your WordPress site and hosting, and be wary of giving out your login details to overseas freelancers who have not been accredited for their work. You should not give access to your WordPress admin to anyone but your WordPress Site Manager, unless necessary.
Change and secure the passwords and login permissions for all of the following:
- WordPress Hosting Site
- Domain Hosting Site
- FTP Accounts
- Email addresses that are in use/advertised on the site and email addresses that include your URL, e.g. firstname.lastname@example.org
You will need to learn to use strong passwords that are longer and more complex than the ones you usually choose to use. If you struggle to keep track of your passwords, we highly recommend using a password manager.
What other measures should you take to protect your WordPress site:
I. Back up your work
Once your site is complete, or every time you update it, we highly recommend you back up your site. Government websites and sites like Forex have been hacked. This is not something that is going to go away or something you can ever be immune to.
Imagine losing everything and not having a backup copy. You would have to rebuild your entire site because of malware or a hacker!
What is the best way to back up your WordPress site?
- The easiest way to back up a WordPress site is by picking the right Managed Host (at ForgetWP we do that as part of our care plans).
- If your budget doesn't stretch to a Managed Hosting Plan, the second-best alternative would be to install a plugin.
- Finally, it is not the best of solutions, but if you have no alternative, save a backup on your computer or external hard drive.
What backup plugins are available on WordPress?
II. Add a firewall
III. Enable SSL
IV. Other suggestions to improve your WordPress site's security
- Change the default username from "ADMIN" to a unique username that no one would guess.
- Disable your file editing so that no one can edit anything on your site without you knowing about it.
- Disable your site's PHP file execution in directories such as your uploads.
- Limit the number of times that someone can try to log in to the site. If hackers are trying to crack your password, this will prevent them from doing so, as they won't have enough attempts available to keep trying.
- Add two-factor authentication and set it up to a secure mobile phone.
- Change your database prefix name so that hackers can't guess what it is. (Please be aware that any errors made when doing this process yourself can ruin your website.)
- Password protect both your admin and login pages. This will help prevent people from being able to DDoS your admin area and gain access to your login page.
- Disabling XML-RPC in WordPress is vital. It is enabled by default in WordPress 3.5, but disabling it can significantly decrease the risk of hackers attempting to guess your passwords. It will stop multiple attempts to break your password.
- Set up auto log out which will automatically log out those who have been idle on the site for an extended period of time.
- Add security questions, with the wrong answers if necessary, so that anyone who gets past the password stage or tries to change something significant on your site without your permission cannot guess their way in.
- Download a WordPress security plugin to scan your site for malware and vulnerabilities. If any warnings appear, make sure you fix them.
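Several items in the list above can be checked directly from the files on the server. The following audit script is an added example, not ForgetWP's or WordPress's own code; it assumes an Apache host that honours .htaccess files, and the finding names and the sample install it builds are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

DENY = re.compile(r"deny\s+from\s+all|require\s+all\s+denied", re.I)
FILES_BLOCK = re.compile(r"<Files(?:Match)?\s+([^>]*)>(.*?)</Files(?:Match)?>", re.S | re.I)

def htaccess_blocks(path, name_pattern):
    """True if an active <Files>/<FilesMatch> block for name_pattern denies access."""
    if not path.is_file():
        return False
    # Ignore commented-out lines so a disabled rule is not counted as protection.
    text = re.sub(r"(?m)^[ \t]*#.*$", "", path.read_text(errors="replace"))
    return any(re.search(name_pattern, target, re.I) and DENY.search(body)
               for target, body in FILES_BLOCK.findall(text))

def audit_wordpress(root):
    """Return the hardening items from the list above that are missing under root."""
    root = Path(root)
    config = (root / "wp-config.php").read_text(errors="replace")
    # Crude PHP comment stripping: enough to skip a commented-out define().
    config = re.sub(r"/\*.*?\*/|(?://|#)[^\n]*", "", config, flags=re.S)
    findings = []
    if not re.search(r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", config, re.I):
        findings.append("file-editing-enabled")
    prefix = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", config)
    if prefix is None or prefix.group(1) == "wp_":
        findings.append("default-table-prefix")
    if not htaccess_blocks(root / "wp-content" / "uploads" / ".htaccess", r"php"):
        findings.append("php-runs-in-uploads")
    if not htaccess_blocks(root / ".htaccess", r"xmlrpc"):
        findings.append("xmlrpc-reachable")
    return findings

def demo():
    """Audit a constructed install before and after hardening (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        uploads = root / "wp-content" / "uploads"
        uploads.mkdir(parents=True)
        (root / "wp-config.php").write_text(
            "<?php\n// define('DISALLOW_FILE_EDIT', true);\n$table_prefix = 'wp_';\n")
        before = audit_wordpress(root)
        (root / "wp-config.php").write_text(
            "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n$table_prefix = 'k3x_';\n")
        (uploads / ".htaccess").write_text("<Files *.php>\nRequire all denied\n</Files>\n")
        (root / ".htaccess").write_text("<Files xmlrpc.php>\nRequire all denied\n</Files>\n")
        return before, audit_wordpress(root)
```

Run `audit_wordpress("/path/to/site")` against a copy of the site's files; an empty list means these four items are in place, not that the site is otherwise secure.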
There are a lot of loose ends that you can tie up by applying all of the security measures mentioned above. It's a huge task to undertake. If you would like an easier, simpler way, take a look at our WordPress Care Plans and let us handle everything for you.