In the modern age, website security is something that any site owner needs to take seriously. Here are ten awesome tips to help keep your WordPress website secure:
- Don’t use the default admin username. Change it to something more unique that isn’t too obvious.
- Make sure you have a strong password. WordPress will tell you if your password is strong or not. Log in to your website, go to “My Profile” under the users tab and scroll down to where you can enter a new password. Enter the password you want and WordPress will tell you if it is strong or not. If it isn’t, change it!
- Change your login URL from the default wp-login.php. This gives an added layer of protection from a brute force attack, as anyone attempting it will have to guess not only your username and password but also the login URL. WPS Hide Login is a great plugin that allows you to do just that!
- Keep your website updated by regularly checking for the latest version of WordPress, themes and plugins. Updates often include security enhancements, so keeping everything updated will ensure you are much less vulnerable to an attack.
- Be cautious about which plugins you install on your website. Check each plugin’s rating and when it was last updated. If it has not been updated recently, this could mean the developer is no longer maintaining it, in which case it will be more likely to contain security vulnerabilities.
- Use a plugin like WP Defender to keep a check on your site for any changes to plugins or themes that could be caused by an attack.
- Backup your website regularly. Should the worst happen, ensure you always have a backup of your site you can revert to in an emergency.
- Limiting login attempts can help prevent a brute force attack should it occur. After a certain number of attempts, the user’s IP address will be blocked from logging in for a set amount of time. You can limit the number of login attempts using WP Defender.
- A secure hosting environment can protect your site against attacks that are out of your control. We use and recommend WP Engine as our preferred host for managed WordPress sites.
- Getting an SSL certificate for your domain means the data exchanged between your site and its visitors is encrypted, so hackers can’t read it in transit. This security measure is also a ranking factor in Google’s algorithm, which gives you an added benefit for using it. You can get a free SSL certificate from most hosting providers or through Cloudflare, which also gives you added security features at DNS level.