With WordPress taking over more than one-fourth the website online, it’s important for site owners to understand how to secure their WordPress website. Since this powerful CMS is a free choice, it’s used by all kinds of different website owners. The popularity also makes WordPress sites a huge target for hackers. Here’s a quick and simple step-by-step guide to help you secure your WordPress website.
Start with a Back Up
Backing up your site is the first and most important step in the process. With a backup copy of your site, it’s easy to restore data if a hacker does get in. You should set up your site to be backed up often, usually at least once per week.
The easiest way to back up your site is to use the WordPress “export” feature. However, this is a manual solution and its far better to set up regular backup solutions on automatic. You can use one of the many plugins as your back up solution including:
- Backup Buddy – A premium choice with plenty of great features making it easy to restore content, images and other files.
- BackUpWordPress – A free solution for automatic backups.
- WordPress Backup to Dropbox – If you want to back up your site to your Dropbox account, this is the right plugin for you.
Choose one of these plugins or another backup solution and you will be well on your way to better WordPress security.
Choose Your Hosting Wisely
Not all hosting companies are created equally. Some hosting companies don’t provide you with much security and help. However, other companies will give you full DDoS attack protection, a custom firewall and plenty of security for your website. Make sure the hosting company you choose gives you plenty of security.
Be Careful what you Download
Did you know that 29% of WordPress hackers get in through your theme? Another 22% find their way into your site through a plugin. When you download themes and plugins be very careful. Make sure you are downloading trusted software and never download premium plugins for free. Pirated plugins and themes are likely to contain corrupted files.
Use Very Strong Passwords
Passwords should always be very strong. You don’t want to use something simply like “123abc”. Make sure you use a capital letter, a lowercase letter, a number and a symbol to get the strongest possible password. The best way to get a very strong password is to let WordPress generate it for you.
Avoid the “Admin” Username
Often, WordPress defaults the username to “Admin”, which is easy for hackers to guess. In fact, hackers often try the “Admin” username first before anything else. It’s a very common username and one you should change immediately.
Use Security Plugins
There are a number of great security plugins to help keep your WordPress website secure. Some of the best ones you can use include:
- Login Lockdown – Perfect for preventing brute force attacks, Login Lockdown will limit the number of login attempts from a single IP address. It will lock out users if they try to login too many times and fail.
- SiteLock – A great choice with a very extensive library of known malware, SiteLock will check your site for malware constantly. If it finds malware, it will remove it quickly.
- WordFence – A free and premium plugin with plenty of options for scanning your site.
- iThemes Security – With over 30 different ways to secure your site, iThemes Security is one of the better choices on the market.
Any of these plugins will help you get the best WordPress security possible.
Keep WordPress, Themes and Plugins Updated
Hackers often use old versions of WordPress or of a theme or plugin to get into your site. You want to make sure you are always using the most up-to-date versions of the software you use within WordPress. Update plugins automatically and make sure WordPress and your themes are always updated.
Use this quick and easy guide to WordPress security and you will have less to worry about when it comes to securing your website. Make sure you back everything up and use a few of the WordPress security plugins for added protection.