5 Ways To Keep Your WordPress Website Safe And Secure

WordPress is one of the most flexible and easy-to-use website platforms out there these days, making it one of the most popular website platforms in the world! However, that also means that it’s a big target for hackers. It doesn’t matter how small your site or company is… hackers and bots will try to get in.

So how do you mitigate the risk of getting hacked when you’re using such a popular platform? Here are some important things to do:

1. Install a security plugin

We recommend Solid Security (previously iThemes) or Wordfence. These developers currently offer both free and paid versions of their plugins. Once you have chosen a security plugin and have it installed, you’ll want to look at the following settings:

  • Turn on the firewall to block brute force attackers – these attackers are people and bots that are trying to guess your login credentials. They can do it thousands of times per hour if their attempts are not detected and blocked.
  • Enable 2-factor authentication for user logins. This feature will require a one-time passcode, either from email or an authenticator app, when a user tries to log in.
  • Require complex passwords for all users. Long and complex passwords are less likely to be guessed and will take longer to brute-force.
  • Set a password expiration date for every user. This will force users to reset their password after a certain amount of time. (We recommend quarterly, or every 6 months, for most sites.)
  • Enable nightly security scans and vulnerability reporting and have it deliver reports to you or another site admin.

2. Install a backup and restore plugin

It’s important to have regular backups of your site available in case your site gets hacked and you need to roll back to an unaffected version. (You may also find backups useful for restoring due to a software update that breaks things… so backups are good to have!)

  • Schedule backups to run automatically every night
  • If you can, store the backups with a third party (Amazon, Google, etc.)
  • If your host offers server-side backups in the hosting control panel, use that feature instead of or in addition to the WordPress backups.

3. Regularly log in and run recommended updates

Outdated software is prone to vulnerabilities and is a really common way that a site can become hackable. Keeping your WordPress version, plugins and themes up to date is important to help your site stay secure.

  • Log in and make any required updates to your Plugins, Themes and WordPress version at least monthly (more often if you can).
  • Turn on automatic updates. Beware that this can cause problems if updates don’t work correctly, but most updates go smoothly, so just weigh the risk.
  • Run updates as soon as possible if you receive a notice from your site that there is a vulnerability.
  • Remove or replace any plugins that remain vulnerable (no update available) for very long. Some plugin developers abandon their plugins which means that if a vulnerability arises, it will never be fixed.
  • If possible, remove any plugins or themes that you aren’t using… these are just liabilities, not doing any good.

4. Tend to your hosting account

If someone gets the password for your hosting login, they have the keys to your whole website kingdom. You want to keep that access locked down and use the tools that your host provides to help keep your site safe in other ways:

  • Set up 2-factor authentication and use it to log into your hosting control panel.
  • Use a very complex password and change it at least every 6 months.
  • Install an SSL certificate on your site and force all HTTP requests over to HTTPS. This will force all WordPress logins to happen over an encrypted connection, making login info less likely to be intercepted by hackers. SSL certificates are available for free with most hosting accounts and are usually even configurable using a wizard that walks you through setup.
  • Keep your PHP version up to date. PHP is the software that WordPress runs on and new versions of it come out from time to time. These versions patch vulnerabilities and add new functionality to help your site stay safe. You’ll usually find the PHP version setting in your hosting control panel.
  • Get intrusion detection. If your web host offers an intrusion detection and restoration service, it is well worth the cost. This way if your site does get hacked, the intrusion detection service stops the intrusion and rolls back to an un-hacked version of the site.

5. Choose a Managed WordPress Hosting Package

If you’re not excited about the idea of monitoring and maintaining your site, it might be worth considering Managed Hosting. Managed hosting may cost a little more than standard D-I-Y hosting, but you can essentially just set and forget, and your site manager does all of the boring/hard stuff. If you’re happy with your current host, check to see if they offer a Managed Hosting package. If you’re not happy with your current host, check out our hosting! All of our hosting packages are managed, so if you’re ready to go worry-free with your hosting, just get in touch!
