We are hearing more and more about websites being hacked or compromised, so it is important that you know how to keep your website safe from outside attackers.
A hacked WordPress website can cause damage to your business reputation and your revenue. Hackers can steal passwords, user information, install malicious software and even infect users that visit your website.
If Google finds that your website has been hacked, you could have your website blacklisted, which makes it difficult to appear in Google search results in the future.
WordPress security issues can arise easily, but as long as you know the basics it isn’t hard to ensure your website remains secure at all times. Think of keeping your business website secure just like you would a physical office building, keeping it locked so that unwanted visitors don’t enter.
While we can’t guarantee that you will be covered 100%, following these guidelines and tips will ensure you are covered as much as possible, and if something unfortunate does happen to your website you can recover as quickly as possible.
Here are my guidelines to ensure your WordPress website remains secure:
Keep WordPress updated on your site at all times
WordPress is open source software that is regularly updated. It is crucial for the security and stability of your website to keep WordPress updated.
Keep themes and plugins updated on your site at all times
There are thousands of plugins and themes available to use on WordPress websites that are developed and maintained by third parties that regularly release updates. It is vital that all of your plugins and themes are kept up to date at all times.
It is important that you only install themes and plugins onto your website that are developed by a trustworthy source that also provides regular updates. If a plugin installed on your website hasn’t received an update for 6 months or longer, then that is reason for concern and you should look for an alternative.
It’s also good practice to delete any unused or inactive plugins on a regular basis.
Retain strong passwords and user permissions
One of the most common WordPress hacking attempts uses stolen passwords. You can make that difficult by using stronger passwords and not using the same password on other sites. This applies not only to your WordPress admin, but also to FTP accounts, cPanel, your hosting account and the email addresses which use your domain name.
Don’t use “admin” as your username. This used to be the default username for WordPress websites which made it easy for hackers to guess a username.
Also, don’t give anyone else your login details. If someone else needs to have admin access to your website, create a new user account giving them this access. Remember to remove them as an admin once they no longer require access. However, I do recommend that you always have at least 2 trusted admins on your website.
Choose your hosting company carefully
The hosting company you choose is one of the most important decisions you make in regards to your website security as they ultimately protect your website. Not all website hosting companies are created equal, and choosing one purely on price can end up costing you way more in the long run.
When choosing a hosting company you want to ensure:
- They continually monitor their network for suspicious activity
- They have tools in place to prevent large scale attacks
- They keep their server software up to date to prevent any security vulnerabilities
- They are available to assist when and if required
- They offer automatic, regular back-ups and updates of your website
Ensure you have regular back-ups of your website
Having a recent clean back-up of your website will be a life-saver if the worst happens. Nothing is 100% secure, so if you have a back-up to easily restore to if required it will save you so much time and stress.
Install a security plugin
A security plugin can limit login attempts. If someone is attempting to log in to your website using an incorrect username and/or password, then you want something to lock them out from continuing to attempt to gain access.
Wordfence is a great free plugin that I use. It not only limits login attempts but it also prevents automated bot attacks. Wordfence will also send you email notifications of any security breaches so that you can rectify them immediately.
Ensure you have an SSL Certificate installed
SSL Certificates encrypt data transfer between your website and your website visitors’ browsers. This makes it harder for someone to steal information from your website. Your hosting company should include this free of charge.
There are many potential areas of concern when it comes to the security of your WordPress website; however, by following these guidelines you are definitely limiting the risk of having your website hacked or compromised.