There is no quick way to secure your website from hackers. You need to be vigilant and use as many defences as you can. The following is a list of 9 ways to secure your website.
Use Latest Version of WordPress, Themes and Plugins
Regularly go into your WordPress dashboard and install the newest versions of all your plugins. It’s easy to do: just look at the top left corner, if you see a number with a semi-circle swirl it means there are that many number of updates available for your website. Click on this link and update each of the plugins, themes and WordPress to install the newest version.
Only install good WordPress Themes or Plugins
There are so many free WordPress themes and plugins out there but you have to be careful which ones you install on your website. Choose themes from a reputable theme developer or theme sales website. One that I use regularly is Theme Forest. Pick from the most popular theme or plugins to ensure they will be kept up to date. Also always check the date of the latest update. If it’s over 6 months old, I tend to avoid it. Look at the history as well, check how long it takes for problems to be corrected or questions to be answered. This will tell you if there is a team keeping up with the software.
Guard your Logins
Use strong usernames and passwords. Avoid usernames like ‘user’, ‘admin’, ‘root’ choose one that would be difficult to guess. Passwords should be at least 8 – 10 characters long, should include upper and lower case letters, numeric and special characters. Avoid using the user name in the password and avoid using the obvious like your name. Also try to create different username/password combinations across the internet to avoid hackers finding out the one and using it across many accounts to hack all your information.
Use a reputable web service provider
Use a well established company with a strong reputation and good track record for security. Providers that ensure a high rate of “uptime” and 24/7 support service are important.
Two Factor Authentication
For added security you can install a plugin that uses 2 factors for login rather than just the username and password. This would make it much more difficult for hackers to guess the login and for the spambots (programs that search the web to try and sign in to websites repeatedly) to test your site. Here is a free plugin from the WordPress.
Purchase an SSL Certificate
SSL stand for Secure Socket Layer. This is added security for any customer or client that might type in personal information on your site. It adds encrypted information that hackers can’t “watch” while people enter information on your site. An SSL Certificate is relatively affordable (less than $100 for the year) and well worth it for the added security and peace of mind.
Use SFTP instead of FTP to access the server
This is for the developers who need access to the backend files of your website. Using SFTP (Secure File Transfer Protocol) adds extra security rather than signing in directly through FTP. Again it adds encrypted data to the uploads/downloads to protect your website from hackers “watching” your site.
Install a security plugin on your website. iThemes Security plugin is a free security plugin. It has over 700,000 downloads, has been updated recently (3 weeks as of this writing) and as always is easily installed through the dashboard. Another plugin I have been using over the past few years is Wordfence Security. With over 1,000,000 installs this is a well-established security plugin. It monitors who visits your site, you can set it to block IP addresses. The paid version allows you to block countries. It also does scans of your website for any code that has been inserted in your files and sends out emails when new versions of plugins or themes are available.
Make sure you take regular backups of your website. There are many free plugins that you can take daily/weekly or monthly backups of your website. Some are easier to install the backup if something does go wrong. Just a shout out to Godaddy: they offer WordPress Hosting packages that include daily backups of your entire website and keeps these backups for 30 days. With a simple click of a button, the website is restored to any of the past 30 days that you choose.