
Secure your WordPress site

It is like adding a deadbolt to your front door

But…can anyone guarantee your site is hacker-proof?

The short answer is NO!

The Internet is packed full of people looking for vulnerabilities to inject malware or gain access to user data, for all kinds of reasons. Some do it just for fun, some with much more malignant intentions.

If you have any kind of firewall set up for your site (a topic for another day), just look at your activity logs. It can be quite daunting!
Check this out from one of our hosted sites. It shows a partial list of hacking attempts for a partial day.

 

Hacking attempts come from everywhere.

All those red dots are hacking attempts. Scary, huh?

WordPress (WP) is already pretty secure right “out of the box”, as the WP community of users and developers is vigilant about security. However, you should still implement additional steps to further secure your data. In this article we will cover a few steps you can take to fortify the inherent security of WordPress and further protect your content.

Here are 7 tips that need little explanation:

  • Use a quality hosting service. There are a lot of choices out there so do your homework and…choose wisely. There are too many to name here, so we will soon dedicate an entire article to this topic and provide you with some good options.
  • Choose quality plugins and themes. Again, there are A LOT of choices out there. When choosing a plugin or theme, make sure the authors keep it up to date and compatible with all WP updates and versions. The details of how often the author updates their work and compatibility with WP releases are found when you are selecting from the “Add Plugins” page:

Bonus tip: Check out the number of Active Installations and the Star rating (located in the bottom left corner of the image above). A large number of users and high ratings usually indicate good quality.

  • If your site allows users to sign up for membership, be sure you understand the 5 out of the box WordPress roles and the permissions that come along with those roles. Learn more HERE. A good rule of thumb is to set up your membership options with roles that have the fewest update permissions possible.
  • Use SSL. “What is SSL?” you might ask. In layman’s terms, it is that little lock in your address bar. To be more specific, an SSL certificate creates an encrypted connection and establishes a level of security. Basically, it is essential for building trust with your users.

Now, let’s talk about a few more advanced ideas on securing your WordPress website – Security through Obscurity.

Think about it: if you make certain vulnerable aspects of your site hard to find, such as login and administrative components, you significantly reduce the chances of hackers having their way. Consider the following:

  • DO NOT USE “Admin” as your user name. The default installation of WordPress will use “Admin” as the user name – you can and should choose something unique. This adds a layer of security because hackers probing for vulnerable sites who already know your user name are halfway to gaining access. Having a unique user name minimizes this risk.

During the install, just make sure you change the default to something different. If you have already installed WordPress…no worries, your user name can be changed with the right plugin. Or contact us if you are not comfortable doing this yourself; we would be happy to help.

Bonus tip (although this really goes without saying): choose strong passwords and change them regularly.

  • Hide your login page. This is not foolproof, but since most attacks are by automated bots, or programs designed to crawl the Internet looking for sites to hack, it helps. If a bot can’t find the login page in the default location, it tends to move on. It also helps deter the human hacker – after all, if they can’t find your login page they will likely move on.

Hiding your login page can also be accomplished through a variety of plugins.

  • Hide author user names. This is another good practice, since having any login information exposes you to security threats. The solution for this tip can be a plugin or a simple snippet of code that can be added to your theme’s functions.php file.
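
One way such a functions.php snippet could look, as an added example (it is not code from this article or from any particular plugin). It assumes WordPress 5.5 or later for the sitemap filter, and it only hides user data from visitors who are not logged in so the editor keeps working for your own authors:

```php
<?php
// Added example for a theme's functions.php. Drop the opening <?php tag
// when pasting, since functions.php already starts with one.

// 1. Stop "?author=N" probes. WordPress would otherwise redirect such a
//    request to /author/<slug>/, and that slug is normally derived from
//    the login name. Priority 1 runs before core's canonical redirect,
//    which is attached to the same hook at the default priority.
add_action( 'template_redirect', function () {
    if ( isset( $_GET['author'] ) && ! is_user_logged_in() ) {
        wp_safe_redirect( home_url( '/' ), 302 );
        exit;
    }
}, 1 );

// 2. Remove the REST API user routes (/wp/v2/users and /wp/v2/users/<id>)
//    for anonymous visitors. Logged-in users keep them, because the block
//    editor uses these routes to fill its author selector.
add_filter( 'rest_endpoints', function ( $endpoints ) {
    if ( is_user_logged_in() ) {
        return $endpoints;
    }
    foreach ( array_keys( $endpoints ) as $route ) {
        if ( 0 === strpos( $route, '/wp/v2/users' ) ) {
            unset( $endpoints[ $route ] );
        }
    }
    return $endpoints;
} );

// 3. Leave the users provider out of the built-in XML sitemap
//    (wp-sitemap-users-1.xml), which lists every author archive URL.
add_filter( 'wp_sitemaps_add_provider', function ( $provider, $name ) {
    return ( 'users' === $name ) ? false : $provider;
}, 10, 2 );
```

Author archive pages and the author links your theme prints on posts still exist after this change; set a display name that differs from the login name so those links do not reveal it either.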

There you have it, 7 fairly straightforward tactics you can use to improve the security of your WordPress site. There is a whole lot more you could…and SHOULD do…to up your security game. Just reach out to us if you are interested in learning more.