Over the last few years, a top question that I get is “how to secure wordpress website from hackers?” That makes sense because lately we do seem to hear about new security issues and data breaches on websites everyday. Fortunately, with your WordPress site there are a number of precautions you can take to keep your site safe and secure. I can tell you from personal experience, it’s a lot better to spend the time in securing your website rather then trying to recover a site that has been hacked.
WordPress Security Vulnerabilities
With WordPress the two main security culprits are insecure passwords and outdated scripting. Fortunately, both of these are easily preventable.
Let’s take the issue of outdated software. This includes the core WordPress installation, the plugins you have on the site and the themes you, both the live theme and any inactive themes you have. All of these need to be kept updated. In most cases updating is a quick process that you can do right from your dashboard. However, there is also the software that your server is running, specifically the PHP and MySQL versions. Most reputable hosts will keep these updated but you should check periodically to make sure you have the current versions activated.
Insecure passwords is another place where we see vulnerabilities. People usually want to use the same (easy to remember) passwords for all of their logins. This is a problem because if a hacker does get a hold of password, then they can not only log into your WP site but maybe even your bank and other online places. You really need to create different random passwords for all of the websites you need to log into (WordPress or otherwise). And speaking of logging in, “admin” has been the default WordPress username since its inception. However, when you install WP you can (and should) pick another username. Again, it’s best to go with a random string of characters here as well.
WordPress Login Security
Getting back to WP, there are a couple of ways you can make your Login more secure. Plugins that count the number of login attempts and then temporarily lock the user out after a certain number of failed attempts are great to have in place. Another excellent security hack is to hide the standard WP login, that way when a hacker tries to get logged into your site, they won’t even be able to find the login page. Again, there are plugins that will help you do this as well.
WordPress Security Plugin
Moving up to the next step, there are a number of WP Security plugins, that will perform various functions to keep you site secure. I like WordFence, I’ve used the free version of this plugin on a number of sites with great results. Among the features that WordFence does is it allows you to set up a firewall that will block the IP address of malicious traffic. They also provide a scanner that will examine all of the files in your installation and report on any that have been altered. It then gives you the option to repair the file or delete it.
WordPress Security Checklist
Lastly, here is a quick checklist that will help keep your WP site secure:
- Passwords – Make sure they’re secure and random. Don’t different passwords for all of your logins. Change your passwords often
- Keep your site updated: That means WordPress, your plugins and themes and the software that runs on your server
- Use login security: hide the login page, lock out users who repeatedly enter incorrect login criteria
- Use WordFence or some other security plugin.
With these simple tips you should be able to keep you site secure.