Recently, I attended a conference where, among other things, we talked about website security. Got me thinking about me, my business and WordPress security since all my websites are on this platform. The point was – human error is the one to blame, always. Which is why it’s important to educate ourselves so that we can keep our online property safe and secure.
With that in mind, here’s the basic we all need to know about the website and WordPress security. Learn this, and you’ll protect yourself just fine. All this, of course, is once you choose a good and reliable hosting provider which is No.1 in this WordPress security checkup.
5 questions to ask about WordPress security
1. How secure is WordPress?
Knowing that WordPress is being used on 29% of websites across the world, it’s only natural to ask ourselves and professionals: how secure is WordPress? Short answer: pretty much. Long one? Well, there’s always some security issues. From the fact that it’s the most popular CMS which makes it a „sitting duck“ for hackers to the use of unchecked or unreliable plugins, features, widgets… In the core of every one thing that might be the source of security issue is – as always – human factor. Which is why we must do all we can to reduce the risk by knowing what we need to do to secure our website.
2. What do I need to know about WordPress security?
First, no website is 100% secure, regardless of the platform it uses. With that in mind, one can get upset over it, but fear not! WordPress, for instance, has The WordPress Security Team, a group of experts that are working specifically on identifying any potential risks in the core and resolving them. Other than that, there are quite a few things every one of us can do to reduce further risk of getting attacked by hackers and/or spammers.
3. How can I secure my website?
Here, I’ll teach you the very basics of self-securing your WordPress site.
Username and password
Don’t use admin credentials that are way too easy to crack. You know what I’m talking about: admin and admin123 examples. Instead, create a powerful username and password (to be changed often, for security reasons) that aren’t that obvious. Mix upper and lower case letters together with numbers and interpunction signs and you’ll be all right. Also, you might want to consider creating another user with basic access for daily tasks.
Authentication
Setting up two-factor authentication is another great way to protect your site. Yes, it might look excessive, but it’s a life savior at the same time. This is a great way to fight all those brute force attacks and keeps your website safe and secure. Two-factor authentication works in a way that, besides username and password, you need to type another form of personal information. Whether it’s a generated code or another pass that you’ll get in your email – this feature is something to consider.
Login URL
In case you didn’t know, the usual login URL address is /wp-admin or /wp-login.php. And because by now even the birds know about it, it’s considered safe to change it and make it more unique and harder to hack. Anything from my_admin_ or my_login to whatever creative and different you can think of. And you do this so that you don’t have issues with the brute force attacks mentioned earlier.
Backup
One of the most important things you can do to improve WordPress security is to do regular backups of your website. You certainly don’t want to find yourself in a situation of lost content or entire site from your domain. Having a regular backup will ensure you have everything in place, just if something like that would ever happen. Having an updated copy of your website is always good and failsafe – you can easily restore your data in just a few clicks! If you get yourself confused, you can always stop by WordPress.org codex page and learn all you need to know about WordPress backups.
4. Is it enough to use WordPress security plugins?
It is strongly recommended to use security plugins, but they are not almighty and can’t protect you if you, as a person, don’t know how to use them. And by that, I mean you need to know which one to choose. WordPress security plugins are, in fact, one of the best tools that keep your site safe and secure, but only if they’re the right ones. Which means – choose the ones that are regularly updated, that have exceptional reviews and that are recommended to you by the people who already work in WordPress and know what they are saying. Choosing an unreliable plugin may cost you your website since it’s a go-to way for hackers to go through, you know?
5. What are WordPress security best practices?
Among the best tips on WordPress security best practices is the one regarding plugins. Always and I mean always check if the plugin you’re about to use is safe, secure, regularly updated and used by a large group of people already. All this will indicate whether that plugin is go-to or no-to use, got it?
Other than that, you should always have some security software installed on your computer, to keep you protected from all sorts of viruses which can sometimes come into your website, too.
Also, and this one goes for everyone: be sure to have a reliable developer by your side. The one who will maintain your website, administrate regular updating of WordPress and all of the plugins, block crawlers, bad bots and everyone that is cruising the www in order to do some harm. That way you’ll always, no matter if you know it yourself or not, have one more person to think about the safety of your site. Two-step, you know? 😉
Bonus
Now that you know how important it is to have plugins that you can rely on, here’s a list of ones we find very useful, safe and secure that might come in handy to you too.
iThemes Security
Well known WordPress security plugin with more than 30 ways to keep you safe and protected. It does everything: from detection to fixing and protection of your site. Pro version has even more features like dashboard widget, password security, user activity logging and more.
Sucuri Security
One of the best security plugins out there, free for all WordPress users with a premium version for even more features. And the list of features is impressive:
- Security Activity Auditing
- File Integrity Monitoring
- Remote Malware Scanning
- Blacklist Monitoring
- Effective Security Hardening
- Post-Hack Security Actions
- Security Notifications
- Website Firewall (premium)
Shield Security
Another excellent WordPress security plugin that comes in a free and premium version – as of from just a few days ago. Comes with plenty of security features and tools and for $1/month you get Pro customer email support and much more.
WordFence
You’ve probably heard of this one, WordFence is a free and open-source plugin with a broad set of features that keep your website secure. From blocking brute force attacks to login security features, WordFence is definitely among plugins you should try out.
Tell us how you keep your website safe and secure and which plugin do you use? Also, what you find most challenging in that department?
