Just this week, researchers found a critical flaw that would allow hackers to take over 5,000,000 sites. Imagine if one of those sites was your site. Think about how much time and money you could lose. Fortunately, any business owner can learn the basics of securing their WordPress site.
Here are our five tips on how to secure a WordPress site that even beginners can do.
1. Use a Security Plugin
The wonderful thing about WordPress is the array of plugins available to extend its basic functions. There are many free plugins available to secure different aspects of your WordPress site, but we highly recommend Wordfence.
Wordfence is a powerful all-in-one security plugin that provides:
- A built-in firewall
- Automatic malware scans
- Login protection
- Security notifications
Simply installing this plugin will already put you well ahead of the curve on security, and we install this plugin on nearly every website we build for our clients. Because it’s comprehensive, it comes with lots of options, but for most businesses the default settings work just fine.
2. Avoid Common Usernames and Passwords
Criminals commonly use programs that will try thousands of usernames and passwords to force their way into an account. You can slow their attempts by using unique passwords and usernames.
The list above shows usernames that hackers attempted to use to log onto this website without permission. You can see that “admin” tops the list because it is the default username most site admins use to log into a site. In general, we recommend never using the following usernames on a WordPress site:
- admin
- webmaster
- root
- support
- customerservice
- sysadmin
- your site’s url
- test
- host
- manager
Instead, you should opt for a username that has unique meaning to you or your organization without being too obvious. A good username should be paired with a strong password containing a mix of letters, numbers, and special characters.
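One way to check an existing site against the list above, as an added example that is not part of the original article: the function reads login names, one per line (for instance the output of WP-CLI's `wp user list --field=user_login`), and flags any that match the list or the site's own domain. The name `risky_logins` and the sample logins are assumptions made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag WordPress logins that match the usernames this article
# says to avoid. risky_logins is a hypothetical helper, not part of WordPress
# or WP-CLI.
#
# Usage on a live site (needs WP-CLI):
#   wp user list --field=user_login | risky_logins example.com

risky_logins() {
    # $1 = site domain, e.g. "www.example.com"; logins arrive on stdin.
    local domain host label
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    host=${domain#www.}     # www.example.com -> example.com
    label=${host%%.*}       # example.com     -> example

    # WordPress treats logins case-insensitively, so compare in lowercase.
    tr '[:upper:]' '[:lower:]' | awk -v host="$host" -v label="$label" '
        BEGIN {
            n = split("admin webmaster root support customerservice sysadmin test host manager", names, " ")
            for (i = 1; i <= n; i++) bad[names[i]] = "common username"
            # "your site URL" from the list: the bare domain and its first label
            if (host != "")  bad[host]  = "matches site URL"
            if (label != "") bad[label] = "matches site URL"
        }
        {
            sub(/\r$/, "")                   # tolerate CRLF exports
            gsub(/^[ \t]+|[ \t]+$/, "")      # trim stray whitespace
        }
        ($0 in bad) { printf "%s\t%s\n", $0, bad[$0] }
    '
}

# Constructed sample logins (not taken from any real site).
printf 'Admin\njsmith\nexample\nmaria.k\ntest\n' | risky_logins www.Example.com
```

Any login it prints is worth replacing with a new administrator account under a less guessable name before removing the old one.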
3. Use SSL Certificates
Have you ever noticed that most websites use https instead of http nowadays? The extra “s” means that the site uses a Secure Sockets Layer (SSL) certificate. Your computer uses the SSL certificate to encrypt information traveling between your computer and the server.
Many web hosts include SSL certificates for free, but you will want to double check just in case. Not only will it affect your security, but it can also tank your Search Engine Optimization if you don’t have one set up. You can contact your hosting company for assistance with setting this up.
Once the SSL certificate is installed, you should also ensure that all traffic gets redirected to the https version of your site automatically. Usually, you can control this in your web host’s settings. If not, you can install a plugin like Really Simple SSL to do this for you.
4. Back Up Your Site Frequently
Even with security measures in place, sometimes things still go wrong with your site. An update can break features. Hackers can make it through your firewall. You get hit with ransomware because an employee clicks the wrong link. Whatever the case, a backup copy can be a lifesaver.
A good backup program will save a copy of your site’s database and files on a set schedule. Your web host provider may have software on their servers that can do this for you, or you can set up backups using a plugin such as UpdraftPlus.
Ideally, you will store this data in a location not on your server. That way, if the server is compromised, you still have access to your data to restore it in another location.
5. Keep Plugins and Themes Up to Date
Of all the tips on how to keep a WordPress site secure, this has to be the simplest…and most overlooked. Business owners are busy people, and they hardly give their website a second thought as long as it is working. The problem is what they don’t see.
Criminals are creative, and their tactics change constantly. As a result, software companies have to constantly adjust their software to counter new vulnerabilities. Those updates won’t work unless they’re installed though. A simple weekly update can save you from huge headaches.
If you’re so slammed that you can’t spare the extra hour a month, we offer services as low as $50 a month to take care of it for you. Either way, it’s not something you want to put off.
Learn More About How To Secure a WordPress Site
By now you know the basics about how to secure a WordPress site, but keeping your website healthy can get complicated fast.