Did you just launch your first WordPress website and are feeling excited? Or have you had one for a while? No matter how long you’ve had your site, you need to pay attention to its security. WordPress sites can be easily hacked, and you need to ensure that your site is well secured at all times.


It is reported that Google blacklists around 20,000 sites each week for containing malware, and about 50,000 for phishing. By any account that is a huge number, and you should do everything possible to avoid finding yourself in such a fix.

Not everyone is a WordPress pro, so I’ve put this article together with tips that can help you protect the integrity of your site.

This doesn’t mean that WordPress’ backend isn’t secure; it is. Hundreds of developers audit WordPress’ code to ensure that it cannot be tampered with. However, there are a number of things you can do to make your website even more secure.

Sometime in 2016, Google warned visitors to over 50 million sites that the site they were on contained malware or was somehow trying to steal their information.

Regular WordPress Updates

WordPress regularly receives updates, which it installs automatically. However, if the WordPress team releases a major update, you will need to install it manually.

In addition, numerous developers create plugins for WordPress, and those plugins are regularly maintained as well.

You should strive to ensure that all your plugins are up to date.

User Permissions in WordPress

Most hacking attempts on a WordPress site involve trying to log in with a stolen password. The first thing you should do is use a strong password that isn’t easy to guess.


That means your password should combine numbers, letters and symbols. You can make it even harder to guess by capitalizing some of the letters.

Apply this rule not just to your website’s admin login, but also to your database, hosting account, email and FTP account logins.

The challenge with a hard password is that it’s very easy to forget. However, there’s a way around that: password managers are programs that act like silos, storing your passwords for you. Some password managers can only be accessed from the cloud, while others can be downloaded to your computer.

Another way of keeping your password secure is to never share it with anybody. If your blog involves giving contributors backend access, give them a restricted account instead of one with full access such as “admin”.

Hosting

You may not know this, but your web host plays an important role in keeping your website secure.

There are two kinds of web hosting services:

  • Shared hosting
  • Managed hosting

If you go with shared hosting, make sure the provider has put measures in place to protect its servers from external attacks.


With managed hosting, much of your site’s security is taken care of for you. Managed hosting services offer automatic WordPress updates, advanced security settings and automatic backups.

Improve Your WordPress Security

It’s no wonder that people without web development skills shy away from WordPress security. Thankfully, you don’t need a degree in Computer Science to implement some WordPress security features.

To implement the following security features, all you need to know is how to point and click. Easy enough? Let’s get started!

Installing a Backup Solution for Your WordPress Site

You always want to be prepared for the worst. One of the most important ways to ensure you don’t lose anything in case of an attack is to have your site fully backed up. A number of plugins can help you back up your site, such as BackupBuddy and UpdraftPlus.

Always store your backups in a different location, not with your hosting provider. That way, if your host suffers a major attack, you will not be too greatly inconvenienced.

Use a cloud service such as Dropbox, Amazon or Stash.

Decide how frequently you want the site backed up, that is, in real time or once a day.

WordPress Security Plugin

Once you’ve backed up your WordPress site, you need to keep your finger on its pulse. This means setting up a monitoring and auditing system that keeps track of everything on your site, including:

  • Monitoring failed login attempts
  • Scanning for malware
  • Monitoring your files’ integrity

There’s one plugin that is known for doing this really well, and the good news is that it has a capable free version: Sucuri Scanner. You can find details on how to install it in the link provided.

Activating the Web Application Firewall

A Web Application Firewall, also known as a WAF, keeps harmful traffic at bay, never allowing it to reach your site. The WAF most people recommend is Sucuri. In fact, you can read here how it helped this site stop over 400,000 attacks in a period of 3 months.

One of the benefits of using Sucuri is that it comes with a blacklist removal guarantee as well as malware cleanup. On top of this, the Sucuri team offers to fix your site if you get hacked while you have their plugin installed.

As mentioned before, Sucuri is offered as both a free and a paid plugin. The paid plugin will set you back $19.98/month, which is quite cheap compared with how much you’d pay a security expert.

The steps we’ve covered so far should leave your website well protected. However, if you want to go the extra mile, here are some extra steps you can take.

Note that some coding knowledge might be required.

Change Username

If you used a 1-click WordPress installer, it’s quite possible that your default username has been set to “admin”. You need to change this, as it makes it easier for attackers to break into your site. There are a number of ways to change the username:

  • Update your username from your host’s phpMyAdmin
  • Use the Username Changer plugin
  • Create a new admin username right from WordPress

Deactivate File Editing

WordPress has a feature that allows you to edit your plugin and theme files from the admin area. This file editing feature can cause a lot of damage if your admin area gets hacked into, so I recommend turning it off.

You can easily do so by adding a line to your wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true );
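Because this line is easy to paste wrongly (curly quotes copied from a web page are not valid PHP string delimiters and will take the site down), here is an added example, not from the original article, of a small PHP script that reads the text of a wp-config.php and reports whether DISALLOW_FILE_EDIT is present and set to true. The sample configs inside it are constructed, and it assumes PHP 8.

```php
<?php
// Added example, not from the original article: audit the text of a
// wp-config.php file and report the state of its DISALLOW_FILE_EDIT line.
// Returns "disabled", "enabled", "missing", "broken-quotes" or
// "unrecognized-value". Requires PHP 8.
function file_edit_status(string $config_source): string
{
    // Curly quotes pasted from a web page are not PHP string delimiters;
    // the file would fail to parse and the whole site would go down.
    if (preg_match('/[\x{2018}\x{2019}\x{201C}\x{201D}]\s*DISALLOW_FILE_EDIT/u', $config_source)) {
        return 'broken-quotes';
    }
    // Tokenize and drop whitespace so define( 'X' , true ) is easy to match.
    $tokens = array_values(array_filter(token_get_all($config_source),
        fn($t) => !(is_array($t) && $t[0] === T_WHITESPACE)));
    $n = count($tokens);
    for ($i = 0; $i + 4 < $n; $i++) {
        $t = $tokens[$i];
        // Match the token sequence: define ( 'DISALLOW_FILE_EDIT' , <value>
        if (is_array($t) && $t[0] === T_STRING && strtolower($t[1]) === 'define'
            && $tokens[$i + 1] === '('
            && is_array($tokens[$i + 2])
            && $tokens[$i + 2][0] === T_CONSTANT_ENCAPSED_STRING
            && trim($tokens[$i + 2][1], '\'"') === 'DISALLOW_FILE_EDIT'
            && $tokens[$i + 3] === ',') {
            $value = $tokens[$i + 4];
            $text  = is_array($value) ? strtolower($value[1]) : $value;
            if ($text === 'true') {
                return 'disabled';
            }
            if ($text === 'false') {
                return 'enabled';
            }
            return 'unrecognized-value'; // an expression or number; check it by hand
        }
    }
    return 'missing';
}

// Constructed sample configs (not real site files).
$samples = [
    'good'   => "<?php\ndefine( 'DB_NAME', 'example_db' );\ndefine( 'DISALLOW_FILE_EDIT', true );\n",
    'off'    => "<?php\ndefine( 'DISALLOW_FILE_EDIT', false );\n",
    'absent' => "<?php\ndefine( 'DB_NAME', 'example_db' );\n",
    'curly'  => "<?php\ndefine( \u{2018}DISALLOW_FILE_EDIT\u{2019}, true );\n",
];
foreach ($samples as $name => $src) {
    printf("%-7s %s\n", $name, file_edit_status($src));
}
```

To check a real site, replace the constructed samples with file_get_contents() of a copy of your wp-config.php. Once the constant is set to true, WordPress removes the theme and plugin file editors from the admin menu, which is the quickest visual confirmation.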

I hope this article helps you in your efforts to secure your WordPress website.