WordPress often receives the reputation of an unsafe content management platform. While their team is continuously working to fix this and stay on top of potential attacks, there are many things you can do yourself to protect your site.
Use a Security Plugin
Using a security plugin is an easy way to keep your site safe. It helps fill the holes that WordPress updates haven’t gotten to yet and protects from intense attacks.
An excellent security plugin is the Wordfence plugin. It scans for weak spots on the site, blocks attacks in real time, keeps track of elements that might make your site easy to hack, and much more. This plugin is completely free and boasts a long list of features and straightforward ease of use.
Use Two-Factor Authentication.
Two-Factor authentication requires users to enter both a password and a question, code, or set of characters. This helps to ensure that it’s only you logging into the site. Like a tough to crack password, these features make it a much harder challenge for someone to get past your security.
Having a code texted to your phone, an email sent to a private address or a phone call to answer means that you will know when someone other than you is attempting to breach the site.
Have Strong Passwords and Change Them Often.
As annoying as it can be, every password should have uppercase and lowercase letters, numbers, and special characters. With the advances in the technologies available to cybercriminals, something like “password” or even “p@ssword” doesn’t cut it anymore. They have programs that check those and other common passcodes in less than a second.
Consider using a long phrase as your password instead. It’s harder to crack, but easier to remember than a random set of letters and numbers.
Have Quality Site WordPress Hosting and SSL.
Even though it’s tempting to purchase the cheapest WordPress hosting you can find, quality site hosting often proves worth the price. More reputable website hosting platforms include SSL, or secure socket layer. This is a level of protection that keeps your data more secure and makes it harder for hackers to trick or confuse the conversations between your hosting and your website.
If your hosting company does not include an SSL, find a third-party provider. It’s worth the investment for the peace of mind that comes from knowing your data, as well as your client’s data, is safe.
Regularly Backup Your Website.
If something happens despite your best efforts, you don’t want to end up stuck back at square one. By backing up your site, you have a recent, healthy version of the website to return to quickly.
Use a plugin like BackupBuddy that saves your entire website on the cloud. That way it is there if you ever need it. You can schedule how often it backs up the site, so you don’t have to remember to go online and keep it updated.
Update Everything Regularly.
WordPress automatically updates every 40 days. However, be sure that this is happening for your site and hasn’t been unintentionally disabled.
Check for updates to your plugins and themes as well. WordPress updates alone won’t cover a security loophole in your custom theme or plugins. Everything must be updated individually.
Remove the WordPress Version Number.
WordPress sites have the version that you’re running listed on the website by default. Keeping this visible makes a hacker’s life easier. By knowing which version you’re running, they know which security holes are vulnerable and which types of attacks can be most effective. Removing the version number makes them work harder to plan their moves against you.
Install a Firewall on Your Computer.
Installing a firewall on your computer is a last line of defense, but one worth having. Even if your site does get hacked, a firewall will keep the rest of your computer safe.
Plus, if your site backup is stored on your computer instead of the cloud, this will keep it secure and available to quickly get everything restored and running. You don’t want to be at risk of losing all of your data and work. That defeats the point of having a backup.
Change and Hide Author Usernames.
If hackers can figure out the login name, they’re one step closer to getting into the site. It’s much easier to assume the title is “admin” and begin trying passwords than it is to figure out the username first. Don’t ever use “admin” as your username.
Also consider using an email address instead of a username, as it’s much harder to predict and can be used as an authentication factor for your Two-Factor authentication as well. This is a win-win.
Additionally, hide the author usernames on your site. While it might be a cool feature for your visitors to know who on your team posted a recent blog post, it gives potential hackers the information they need. There’s not much point in changing the username to something unpredictable when you can find it right on the site.
Rename Your Login URL.
Having the default login page address increases your chances of being hacked since hackers can easily find it. Changing it to something unique helps hide it from possible attacks.
Employing even a few of these security features will help you rest easy and avoid dealing with the hassles of a hacked website. WordPress is still one of the best CMS systems on the planet right now!