Skip to main content

WordPress Security Tips

If you’ve ever forgotten to save your work or have suddenly “lost” it by clicking away from it, etc. you know what a royal pain it can be to recreate it. Now imagine that happening to your whole website. Poof, gone. It’s enough to make most people ill.

How likely is this going to happen to you?   There is no such thing as a 100% secure website or a 100% secure Content Management System.  In general, WordPress is as secure or more secure than other CMS, particularly with it’s constant updates. Because WordPress is such a popular platform (and not just for blogging!) it has been targeted but successful mass attacks on WordPress have only occurred because of vulnerabilities through plugins that have not been updated by the end user.

If the site owner’s actions are the best defense against attacks, what can you do to keep your site safe?

WordPress Security Tips for Your Website

Back-up Your Site Regularly

It’s very important to take regular back-ups of your website. What is regular? This differs for different people. If you regularly change your content, a weekly or bi-weekly back-up is necessary.  If your content is pretty static, a monthly back-up will most likely suffice. In my maintenance program, I execute back-ups bi-weekly with a popular back-up plugin called BackUp Buddy. I also have a premium Stash account through iThemes (the maker of BackUp Buddy) so that all back-ups are stored on a remote server. Restoring or moving a website is also much easier with BackUp Buddy.

Choose Your Host Wisely

Not all hosting providers are created equal and a large percentage of WordPress hacks are due to hosting vulnerabilities. When you choose your hosting provider, remember you often get what you pay for.  That means not selecting the cheapest deal you can find (and there are many!).  Choosing a well-established company with a good track-record for strong security is well worth the extra money!

Stay on Top of Updates

WordPress is famous for its constant updates.  Ensuring you have the latest version of WordPress is extremely important as most new versions contain fixes for security vulnerabilities.  Most people also have a number of WordPress plugins on their site. Updating these plugins are as important as updating your theme and your WordPress version. As part of my maintenance plan, I will ensure that all of your updates are completed in a timely fashion.

Strong Passwords & Unique Usernames

Some of the most common hacks into WordPress sites occur because a hacker has been able to guess a user’s password and username. When WordPress is set up through a hosting company, “admin” is often the default user name given for your login. When site owners do not change their username to something more unique, hackers have the upper hand. While having a password that you can’t remember off the top of your head is inconvenient, it will make it virtually impossible for someone else to crack. To generate a secure password, I use a site called Strong Password Generator.

Security Plugins

There are a number of security plugins that help with the final steps of securing your website, although I caution you to use them with care.  Many of them are highly detailed and a misstep will lock you out of your own site or mess up your .htaccess file, which is difficult for a novice to fix. Read the documentation provided by the developer carefully and check your site after every step so that you can identify what caused the issue, if one arises.

Not sure you want to attempt these steps on your own? Contact me today for help securing your website!