How to Secure Your WordPress Website and Keep It Secured


How to Secure Your WordPress Website? Before we dive into that, let’s look at why anyone would bother breaching the security of your WordPress website. By their own numbers, WordPress powers over 17% of all websites around the world. If you look at that number for blogs alone, it will in all probability be much higher.

There are many things that make WordPress such a darling of netizens. It’s a free, open source CMS that is completely flexible, extremely easy to use and set up even for novices, and has great SEO capabilities built in. Those are just a handful of the many things going for WordPress.

Unfortunately, there’s also a bunch of issues with WordPress (we’ll go into those later!), the biggest of which is security. The fact that WordPress has such a large user base makes it especially attractive to hackers with malicious intent.

Attacks on large websites (not running on WordPress) like eBay, and bugs like Heartbleed that affected scores of financial sites, are only growing in number.

In 2012, WordPress released a statement saying that 170,000 WordPress sites were hacked into that year. That’s a huge concern for anyone running a site on WordPress, and securing their sites from external threats ought to be at the top of every site owner’s priorities. Even Matt Cutts, the head of Google’s web spam team, was targeted by savvy vulnerability hunters – and they weren’t even specifically looking for WordPress loopholes!

Here’s a step by step guide to take your website’s security into your own hands and do everything you can as a site owner to prevent it from being attacked.

1. Keep Your Main Work Computer Safe

As Maria from The Sound of Music would say, “Let’s start at the very beginning, a very good place to start.”

Before you run around trying to fix your website, server and so on, first take a long hard look at the machine that you use to access and run the site. Is it up to date with the latest version of its OS? Is your computer clean of any viruses or malware? Do you have a strong anti-virus protecting it from future attacks? Have you set up firewalls around it? Do you avoid browsing on sites of questionable security?

If you answered “Yes” to that litany of questions, then you have at least secured your home base.

2. Update WordPress Regularly

WordPress didn’t just become one of the most popular web platforms for nothing. They have a dedicated team that works round the clock fixing and updating any security holes and vulnerabilities they spot. Then there’s also the developer community that pitches in with fixes that make WordPress a great place to be.

Don’t just sit back and rest on these strengths of WordPress. For them to be of any use, you need to run the automatic WordPress updates whenever you are prompted to. Use a plugin like Advanced Automatic Updates to take care of updates for you.

If manual updates are more up your alley, go for it. Just don’t get lazy and fall behind on your updates.

Once updated, do not display the version of WordPress you’re running anywhere on your site – it simply acts as an aid for potential hackers to enter your site even more easily.
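
To check whether your own pages still display the version, here is an added example (not from the original article) that scans saved markup for the two generator tags WordPress emits by default: the `<meta name="generator">` tag in page HTML and the `<generator>` element in RSS feeds. The sample markup and the version number in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser


class _GeneratorScan(HTMLParser):
    """Collects WordPress version strings exposed through generator tags."""

    def __init__(self):
        super().__init__()
        self.leaks = []
        self._in_feed_generator = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            # Page HTML: <meta name="generator" content="WordPress X.Y.Z" />
            m = re.search(r"WordPress\s+(\d[\d.]*)", a.get("content") or "", re.I)
            if m:
                self.leaks.append(("meta generator", m.group(1)))
        elif tag == "generator":
            self._in_feed_generator = True

    def handle_endtag(self, tag):
        if tag == "generator":
            self._in_feed_generator = False

    def handle_data(self, data):
        # RSS feed: <generator>https://wordpress.org/?v=X.Y.Z</generator>
        if self._in_feed_generator:
            m = re.search(r"wordpress\.org/\?v=(\d[\d.]*)", data, re.I)
            if m:
                self.leaks.append(("feed generator", m.group(1)))


def find_version_leaks(markup):
    """Return a list of (location, version) pairs found in the markup."""
    scan = _GeneratorScan()
    scan.feed(markup)
    scan.close()
    return scan.leaks


# Constructed sample markup; save your own home page and feed to test them.
HOMEPAGE = '<html><head><meta name="generator" content="WordPress 6.0.1" /></head></html>'
FEED = "<rss><channel><generator>https://wordpress.org/?v=6.0.1</generator></channel></rss>"
CLEAN = "<html><head><title>Blog</title></head></html>"

if __name__ == "__main__":
    for name, doc in (("home page", HOMEPAGE), ("feed", FEED), ("clean page", CLEAN)):
        print(name, find_version_leaks(doc) or "no version found")
```

If the scan reports a leak, the tags can be suppressed in the theme or a small plugin by unhooking `wp_generator` from `wp_head` and filtering `the_generator` to return an empty string.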

3. Choose a Good Web Host

Use sound logic and an extensive vetting process when it comes to picking your web hosting company. Look for a host that has a good track record, is security conscious and updates its web server software on a regular basis.

Outdated software is more prone to malware attacks. Check out their security measures and past security track record. Is it slightly spotty? Run for dear life!

According to SiteGround, some basic security measures a good web host ought to offer are:

  • Support for the latest PHP and MySQL versions
  • Account isolation
  • Web Application Firewall
  • Intrusion detection system

It’s a good idea to choose a web hosting company that specializes in WordPress sites. Such hosts are aware of the latest updates, know the vulnerabilities inherent in WordPress and take measures to prevent security issues. Another clever thing you can do to protect your website from malicious SQL injections, DDoS, brute force and web application attacks is to use Fireblade. Fireblade has a new “test my site” feature which scans all these parameters, in addition to CMS platform vulnerability inspection and 24/7 monitoring of your website.

Lastly, a very important but often overlooked infrastructural point is your email. If you’ll be doing regular email marketing or bulk email promotions, go for a service-cum-software provider like GetResponse that has a good track record, and focuses as much on performance and deliverability of your emails as on the security of your subscriber data.

One wrong move here and you could end up on a DNS Blackhole List, and then it’ll take you forever to undo the damage to the credibility of your mail servers.

4. Don’t Install Apps, Plugins or Themes without a Thorough Check

One of the most wonderful things about WordPress is that it has an app or plugin for nearly every need. There are lovely themes (often free) that will transform your website into a designer’s dream. Be especially wary of these – here’s one of the best guides to choosing and using free WordPress themes.

Many hackers create and distribute fully functional but vulnerable apps, plugins and themes with the sole purpose of gaining access to your site. This not only undermines the security of your own data, it also compromises the security of legitimate users accessing your site.

Before you install any new app, make sure it is a reputable, well trusted app with strong positive reviews. If you can manage it, try looking under the hood of the apps yourself before you install them on your site.

5. Disable and Remove Plugins That are Known to be Vulnerable

WordPress vulnerabilities come to light pretty quickly thanks to its widespread adoption and its large developer community. Keep your eyes open for news regarding apps or themes that have been flagged as vulnerable.

Disable these immediately and remove them entirely from your server. In fact, do the same with inactive apps and themes as well. It’ll be erring on the side of caution, but then it also eliminates the headache of having to update or maintain these unused apps on your site unnecessarily.

6. How to Secure Your WordPress Website with a Strong Password

This is a fundamental piece of advice that rings true for any type of account where you use a username and password combination.

Create a password that is not easily hackable. Ditch those silly passwords that use your first name or date of birth and move on to something that is alphanumeric, contains special characters and is not even a real word.

Keep it unpredictable, or even try a short sentence, to make it harder for potential hackers to guess it. If you don’t trust yourself to come up with a hack-proof password, use password generators like Norton’s IdentitySafe Password Generator or StrongPasswordGenerator before you proceed.

7. Change Your Default Username from ‘Admin’ to Something Less Predictable

The latest versions of WordPress let you pick a user name of your choice instead of the standard admin. This denies a potential hacker easy access to the backend of your site.

Robert Abela from WP White Security gives detailed step by step instructions on how to change your username from Admin to one of your choice.

8. Limit Login Attempts

Most hackers use brute force programs that try multiple combinations of your username and password to break into your site and tamper with your data. Now that you have secured your username and created a foolproof password, make sure that you don’t give these miscreants a chance to make unlimited brute force attempts to break into your site.

Install plugins like WordFence Security or BruteProtect to secure your site against brute force attacks. Read on to learn more about brute force attacks and how you can protect yourself against them.

9. Create a Complete Website Backup, Just in Case

Just as you’d never leave your garage without a spare tire in the back of your car, never ever launch your site without first backing it up. Your backup could reside anywhere – on a local drive, on your computer, on Dropbox, with a WordPress plugin like Ready!Backup or even using WordPress’s own advice on creating a website backup.

This simple step ensures that even when the worst does happen and your site does get attacked, it will not mean the end of the road for all your past hard work. All you’ll need to then do is plug any holes that might have caused the security breach and start over with your saved data.

Is That All?

Well, keeping your WordPress site secure is not a one-time process. Each of the steps outlined above needs to be repeated regularly to stay ahead of wily hackers hunting for opportunities to bring down your site.

Here’s a quick peek at the top causes for WordPress site hacks:

[Image: How WordPress Get Hacked]

So first and foremost, ensure your web host maintains their security shields. Keep yourself in the loop about their security updates and protective measures, as vulnerabilities at the host’s end are the number one cause of WP attacks. Be wary of new themes and plugins, as they can often be Trojan horses hiding malware.

And finally, stay on top of your WordPress updates and change your passwords every couple of weeks or at least every month if possible. Back up your site regularly, depending on the frequency with which you add new data to your site.

With a little bit of vigilance, you can enjoy all the perks of WordPress without losing sleep over how to secure your WordPress website.
