People – website owners – get hacked a lot nowadays. Here are 10 Ways to Secure Your WordPress Website.
How to Secure Your WordPress Website
1. Use a strong password
Minimum password recommendations:
- At least 10 characters
- Use upper and lower-case letters
- Numbers, punctuation or other non-alphanumeric characters
- Example of a weak password: admin1
- Improved strong password: anDrw/>12??0912
2. Choose a good Web Hosting Company
I cannot emphasise this enough. 90% of your battle is already won when you have a great host. I deeply recommend INMOTION HOSTING. Namecheap is good, but cannot handle Brute Force attacks. So save yourself the hassle.
3. Avoid ‘Nulled’ Themes like the Plague
Yes, themes are expensive, especially if you’re freelance and still want to impress a low budget client. BUT honestly, avoid themes that have been cracked – aka Nulled Themes like the plague.
A nulled or cracked theme is a hacked version of a premium theme, available via illegal means. They are also very dangerous for your site. Those themes contain hidden malicious codes, which could destroy your website and database or log your admin credentials.
WordPress premium themes look more professional and have more customizable options than a free theme. Premium themes are coded by highly skilled developers and are tested to pass multiple WordPress checks right out of the box. Worst case scenario, use a free theme. Everything to secure your wordpress website.
- 8 Best WordPress Themes for Musicians
- Top 7 WordPress Page Builder plugins
- Contact us to build you a great website
4. Install an SSL Certificate
If you want to secure your WordPress website, then you need to get SSL.
SSL (Secure Sockets Layer) is the technology that encrypts connections between your website and visitors’ web browsers, ensuring that the traffic between your site and your visitors’ computers is safe from unwelcome interceptions.
Secure Socket Layer (SSL) is mandatory for any sites that process sensitive information, i.e. passwords, or credit card details. Without an SSL certificate all of the data between the user’s web browser and your web server are delivered in plain text. This can be readable by hackers. By using an SSL, the sensitive information is encrypted before it is transferred between their browser and your server, making it more difficult to read and making your site more secure.
5. Use 2FA Authentication
Just like Google, Twitter, Facebook and the likes, you can add two-factor authentication to secure your WordPress website. This ensures maximum security for your WordPress site and all registered users.
First, you need to install and activate the WP 2FA – Two-factor Authentication plugin. Then follow the instructions in the plugin. Or read here.
6. Update Your Version of WordPress & Plugins
Outdated versions of the WordPress software or other plugins are a very common target for hackers. Make sure you regularly check for and install WordPress updates as soon as possible to eliminate vulnerabilities found in older versions.
7. Use a Security Plugin
How else can you secure your wordpress website without a security plugin?
We highly recommend installing one or more reputable security plugins on your website. These plugins do much of the security-related manual work for you, including scanning your website for infiltration attempts, altering source files that might leave your site susceptible, resetting and restoring the WordPress site, and preventing content theft like hotlinking.
8. Technical: Protect /wp-config File
The wp-config.php file is one of the most important, hence vulnerable files on your site. It hosts crucial information and data about your whole WordPress installation. It’s technically the core of your WordPress site. If something bad happens to it, you won’t be able to use your site normally.
One simple thing you can do is take that wp-config.php file, and simply move it one step above your WordPress root directory. Your WordPress site won’t be affected at all by this move, but hackers won’t be able to find it anymore.
9. Back Up, Back Up, Back up
When all is said and done, we are not perfect. When and IF you do get hacked, you wouldn’t feel it, if you had a backup. Backing up WordPress websites are super easy.
10. Lock down WordPress admin access with .htaccess
Utilizing a WordPress brute force plugin for this type of attack is not very efficient, and in some cases can actually lead to your site becoming unavailable due to the large amount of processing power used to attempt to challenge each and every malicious login attempt.
- Setup a secondary level password to prevent unauthorized WordPress wp-admin and wp-login.php attempts.
- Or you can rely on the information we have on limiting WordPress admin access with .htaccess.
So that’s it! Hopefully these tips help as you secure your WordPress website.