WordPress is used to run more websites than any other content management system – a great benefit for many reasons, allowing even small businesses to have a website with advanced functionality.
However, this popularity also brings a downside – it makes WordPress a target for hackers, who try to find a vulnerability that they can then use to gain access to all the other WordPress websites and the servers they’re hosted on.
At best, the hack simply defaces your website. If you have a back up – no problem. At worst, not only does the site get defaced but your domain name and IP address of the host space could be blacklisted if the hacker installs malicious code on the site to infect people who visit it.
So, here are our top 5 tips for keeping your WordPress site secure:
1. Make sure WordPress is up to date.
Simple, really, but keeps you ahead of the new vulnerabilities.
Another upside of popularity means that WordPress vulnerabilities are found quickly, and WordPress releases updates regularly that only need a click to install.
2. Make sure plugins are updated – and trustworthy.
Ensure you only have essential plugins activated and only use plugins from reputable sources – and keep them updated, too.
3. Make sure your admin-level logins are secure.
Give them all new, strong passwords (more than 12 characters, mix capitals and lowercase, numerals and non-alphanumeric), and delete any unused usernames.
4. Make sure you have WordPress “salts”.
Salts and keys are used to improve browser security – they’re set via the wp-config.php file, and it doesn’t hurt to update them, if you already have them set. Use https://api.wordpress.org/secret-key/1.1/salt/ to generate new ones.
This can also be enabled by installing the iThemes Security plugin that will also add a good layer of security to prevent against brute force attacks and other common vulnerabilities.
5. Take regular backups of your files and database.
If the worst happens, that means you can quickly and easily get your site up and running again – another tip, keep a number of backups on file, as the most recent backup could easily contain the hacked files / routes in.
Treat your website like you would your office or warehouse.
Spend time – and if it needs it, a little money – on making sure everything is locked up and secure.
If you would like to talk to one of our WordPress experts about securing your website better call us on 01525 373020.