9 Ways to Secure your WordPress Website

There is no quick way to secure your website from hackers. You need to be vigilant and use as many defences as you can. The following is a list of 9 ways to secure your website.

Use the Latest Version of WordPress, Themes and Plugins

Regularly go into your WordPress dashboard and install the newest versions of all your plugins. It’s easy to do: just look at the top left corner; if you see a number with a semi-circle swirl, that is the number of updates available for your website. Click on this link and update each of the plugins, themes and WordPress to install the newest version.


Only install good WordPress Themes or Plugins

There are so many free WordPress themes and plugins out there, but you have to be careful which ones you install on your website. Choose themes from a reputable theme developer or theme sales website. One that I use regularly is Theme Forest. Pick from the most popular themes or plugins to ensure they will be kept up to date. Also, always check the date of the latest update. If it’s over 6 months old, I tend to avoid it. Look at the history as well: check how long it takes for problems to be corrected or questions to be answered. This will tell you if there is a team keeping up with the software.

Guard your Logins

Use strong usernames and passwords. Avoid usernames like ‘user’, ‘admin’ or ‘root’; choose one that would be difficult to guess. Passwords should be at least 8 – 10 characters long and should include upper and lower case letters, numeric and special characters. Avoid using the username in the password, and avoid the obvious, like your name. Also try to use different username/password combinations across the internet, so that hackers who find out one cannot use it across many accounts to get at all your information.

Use a reputable web service provider

Use a well-established company with a strong reputation and good track record for security. Providers that ensure a high rate of “uptime” and 24/7 support service are important.

Two Factor Authentication

For added security you can install a plugin that uses 2 factors for login rather than just the username and password. This would make it much more difficult for hackers to guess the login and for the spambots (programs that search the web to try and sign in to websites repeatedly) to test your site. Here is a free plugin from the WordPress.

Purchase an SSL Certificate

SSL stands for Secure Sockets Layer. This is added security for any customer or client that might type in personal information on your site. It encrypts the information people enter on your site so that hackers can’t “watch” it. An SSL Certificate is relatively affordable (less than $100 for the year) and well worth it for the added security and peace of mind.

Use SFTP instead of FTP to access the server

This is for the developers who need access to the backend files of your website. Using SFTP (Secure File Transfer Protocol) adds extra security compared with signing in directly through FTP. Again, it encrypts the uploads and downloads to protect your website from hackers “watching” your site.

Security Plugins

Install a security plugin on your website. iThemes Security plugin is a free security plugin. It has over 700,000 downloads, has been updated recently (3 weeks as of this writing) and as always is easily installed through the dashboard. Another plugin I have been using over the past few years is Wordfence Security. With over 1,000,000 installs, this is a well-established security plugin. It monitors who visits your site, and you can set it to block IP addresses. The paid version allows you to block countries. It also scans your website for any code that has been inserted in your files and sends out emails when new versions of plugins or themes are available.

Backup!

Make sure you take regular backups of your website. There are many free plugins that can take daily, weekly or monthly backups of your website. Some make it easier than others to restore the backup if something does go wrong. Just a shout out to GoDaddy: they offer WordPress Hosting packages that include daily backups of your entire website and keep these backups for 30 days. With a simple click of a button, the website is restored to any of the past 30 days that you choose.

 

 

Securing your WordPress Website

Many times businesses create a website and think ‘Great, I am done!’ but when you have a WordPress website you are never done!  As I stated in an earlier post (Keeping your CMS website up to date) you have to maintain your website.  There are people out there that make it their business to try and get into yours.

Luckily there are good people out there that create plugins to help protect your website. 2 crucial plugins are Limit Login Attempts and WordFence Security.

Limit Login Attempts is a free plugin that limits the number of times someone can try to access the administrator portion of the website. It will block an IP address (the physical address of the computer) for a specified amount of time after a specified number of attempts at trying to sign in. An email will be sent to the administrator’s email address to inform them that attempts have been made to access the backend. It will also tell you the IP address of the user trying to gain access.
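The lockout rule described above, replayed over a web server access log, as an added example (not the Limit Login Attempts plugin's own code). The thresholds, the log format, the 200/302 convention for failed and successful logins, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRIES = 4                    # assumed policy values, not the plugin's defaults
WINDOW = timedelta(minutes=10)     # failures must fall inside this window
LOCKOUT = timedelta(minutes=20)    # how long the IP stays blocked
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample access log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
203.0.113.7 - - [12/Mar/2024:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
198.51.100.23 - - [12/Mar/2024:10:00:30 +0000] "GET /wp-login.php HTTP/1.1" 200 3990
203.0.113.7 - - [12/Mar/2024:10:00:41 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
203.0.113.7 - - [12/Mar/2024:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
198.51.100.23 - - [12/Mar/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
198.51.100.23 - - [12/Mar/2024:10:02:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

def find_lockouts(log_text):
    """Return [(ip, locked_from, locked_until)] for IPs the rule would block."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failed logins
    locked_until, lockouts = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        # Assumption: a failed login re-renders the form (200); success redirects (302).
        if m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = m["ip"]
        if ip in locked_until and ts < locked_until[ip]:
            continue               # already locked out; this attempt is rejected
        q = failures[ip]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()            # forget failures older than the window
        if len(q) >= MAX_RETRIES:
            locked_until[ip] = ts + LOCKOUT
            lockouts.append((ip, ts, ts + LOCKOUT))
            q.clear()
    return lockouts

if __name__ == "__main__":
    print(find_lockouts(SAMPLE_LOG))
```

The single mistyped password from 198.51.100.23 does not trigger a lockout, while the burst from 203.0.113.7 does; attempts spaced wider than the window never reach the threshold, which is why the email alerts and a longer-term block still matter.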

Which brings us to WordFence Security.  This plugin allows you to completely block an IP address from your website.  So when you find out someone has made multiple attempts to gain access you can then block that IP address.  WordFence will tell you where the IP address originates.

That is not all WordFence Security does. It will also scan your website and check that you have the proper versions of all plugins and WordPress, plus check that the core programs have not been modified from the original version. If they have been modified and you know you haven’t made any changes, you can back out the changes.

2 invaluable plugins that every WordPress website should have!