So you’re using WordPress and you want to keep your site safe from hackers, malware, spam and other threats… where do you begin?
While WordPress does have some security risks, most of these are relatively simple to plug as long as you know where to look. This post will provide some easy and straightforward tips to help you fortify your site and to avoid common mistakes.
Tip #1 – Consider Your Host
WordPress security isn’t all about WordPress! Another weakness can often lie in your hosting account, so make sure you research the security of your hosting provider thoroughly before choosing one. Look for hosts that are willing to discuss security concerns and offer the most recent stable updates to server software. My host of choice is WPX Hosting.
Tip #2 – And Your Computer!
Likewise, another alternative ‘way in’ for hackers is through your computer. If you have malware on your system, this can do things like record your keystrokes in order to isolate passwords. Make sure your security software is up-to-date and that you do regular scans.
Tip #3 – Keep Updated
Many vulnerabilities exist in WordPress itself and the plugins that you install, but as long as no one finds them, you’re safe. The problem is, people do find them and when that happens you can briefly be vulnerable.
In the vast majority of cases, the developers of WordPress or the plugins will identify the flaws in their security very shortly after they come to light. They will then issue an update to fix them. This is why it’s so important that you update not only WordPress but also all of your plugins every time a new update is issued. I can't stress this enough! If you don’t, then you might be leaving well-publicized flaws in your security for hackers to take advantage of!
Tip #4 – Avoid Unnecessary Plugins
Every plugin you add to your site presents new potential security flaws in your code. Having too many then will unnecessarily leave you susceptible to a number of possible attacks and can also slow down your site. Don’t use more plugins than you need and make sure you research the quality of any that you do decide to use.
Tip #5 – Install Security Plugins
Some plugins that are useful are those specifically designed to provide additional security to your WordPress site. This is a very easy way to upgrade your sites fortifications that takes minutes – so do it! My security plugin of choice is Wordfence.
Tip #6 – Choose a Smart Password
This is a simple and easy one but it’s too often ignored. Make sure that you use a strong password and username combo for your admin login. And for the love of God please don't use ‘Admin' for your username. My password manager of choice is LastPass.
Having a WordPress site is the best choice in my opinion for your website needs, but don't neglect keeping it safe. With these steps you will have a safe and sound website.
Thanks for the shout-out, we indeed take web security very seriously.