The hacking of WordPress websites is on the rise. Given how popular it is as a platform, it?s a serious risk to both website owners and visitors. Here at Coastal Content we take security pretty seriously. Every website we provide is delivered as secure as possible but we appreciate that many people like to build their own. If you?re one of those, this post is for you.
WordPress is used by businesses and individuals across the world, all with various levels of knowledge and security awareness. This can create a minefield when it comes to locking down a site. So if you run a WordPress site and want to know how to keep it secure, these 5 tips are just what you need.
1. Keep WordPress updated
Ensuring your website is always up to date is the most basic security tip. The team behind WordPress are a productive bunch. They are continuously working hard to squash bugs, refine the code and fix security holes. That means the platform receives regular updates that make it faster and better. As security fixes are introduced, they should be installed immediately. Given how simple the update process is, there really is no excuse.
The same goes for plugins. The modular nature of WordPress allows you to tailor it to do pretty much anything. As WordPress is updated, so are the plugins so it is good practice to update your plugins whenever the admin panel lets you know they are available.
2. Ditch the Admin
When WordPress is first installed, an admin account is created to allow you access to the site. Replace it right away to something more obscure that doesn?t use admin or the URL as the user name. Make sure the password is secure too. Many brute force attacks concentrate on the admin account, so changing the name protects you from the majority of these.
3. Strong passwords
A suitably strong password that contains a mixture of letters, characters and numbers will do wonders for your WordPress security. You should use an original, strong password for every account you have online, but most of us don?t. Just make sure that as well as changing the default admin account, you choose a good strong password.
If you allow users onto your site, enforce strong passwords for them too.
4. Set regular backups
No website is totally secure so you should really plan for the worst. Setting a regular schedule of backups is a good start. Some web hosts perform them automatically for you, some will need to be manually configured. Others won?t perform any backups at all so you will have to do it yourself. Fortunately, there are a multitude of ways to backup WordPress and we will cover them in detail in the coming weeks.
5. Use security plugins
The sheer number of plugins available for WordPress is huge. Some are better than others though, so shop carefully. Look for the number of installs and reviews. The more the better. I use the Wordfence plugin. It?s free, very good at what it does and secures your website without being too intrusive. It can also alert you if your site is under attack, which is nice.
There are other security plugins available too of course.
By following these five basic tips, you can significantly increase the security of your WordPress website. Do it. Now.