7 Essential Tips for WordPress Website Security

Today there are a lot of things that can go wrong with a website. Hackers are always looking to gain access to websites to collect data or just to deface the website and make their mark. Website security is a vital part of the web design and development process, and I implement it right from the beginning when I develop a website. CMSes like WordPress make it easy to manage your content as well as stay up to date with security vulnerabilities.

As the website owner, there are some things you can do to keep your website secure. These may have been implemented for you when working with a developer, website security firm, or host, but if you are doing the site yourself or trying to maintain it yourself, here are some things you should make an essential part of your website security.

1. Use Secure Passwords

Secure passwords should include a good mix of symbols, mixed-case letters, and numbers. When creating passwords you should also avoid dictionary words. Password generators can produce secure passwords that are easy to remember. Aim for around 10 characters or more.

2. Use Unique Passwords for Each Aspect of Your Website

Use a different password for your domain registrar, hosting, cPanel, FTP, email and CMS admin. That way, if any part in the chain is compromised, the other parts are still secure and you’ll have a greater chance of recovering.

3. Don’t Use “Admin” for Your Username

“Admin” is the most used username and is the first one attempted in brute force attacks. By using something different you greatly increase the difficulty of guessing the username and password combo. Also, avoid usernames that are directly tied to your website, like your business or domain name, as these are next in the chain of guessing.

4. Use Admin Permissions Sparingly

Giving all of your website members the “admin” role is something to avoid. Many members, including those who will be contributing and making edits, fit under the editor, author or contributor role. This helps protect your site in case one of these accounts is compromised.

5. Keep Your CMS Updated

Security updates are released pretty often for the most popular CMSes like WordPress. These updates fix vulnerabilities that have been discovered so that your website continues to be safe. WordPress has begun automatically pushing minor updates for security and performance. Follow your CMS's news and updates mailing list to get alerted when new versions are released.

6. Always Keep a Backup

With WordPress there are a lot of plugins that can help get the job done: some can save the backup to your server via FTP and some can email the backup to you. It’s best to make a copy of all of your files and databases onto your computer in a secure location. WordPress managed hosting is also a great solution, as most hosts keep regular backups for you and also provide security and speed optimization. SiteGround is a great one to check out.

7. Track Admin Logins and Failed Attempts

Brute force attacks attempt to guess your username and password using software and the most popular names. Plugins are available for WordPress, like “Wordfence” and “iThemes Security”, that track the number of login attempts and block the IP as you see fit. This can prevent many attacks.
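
If you want to see what this kind of tracking looks like without a plugin, here is an added example (not code from any plugin mentioned above) that counts failed WordPress logins per IP from a web server access log. It assumes the Apache/Nginx combined log format and default WordPress behaviour, where a failed login to /wp-login.php returns 200 and a successful one returns a 302 redirect; the function name and log lines are made up for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed combined log format: ip - - [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "-"'
    for s in range(0, 36, 6)
] + [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:02:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
]

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Report IPs with at least `threshold` failed logins inside any `window`."""
    failures = defaultdict(list)   # ip -> timestamps of failed logins
    successes = defaultdict(list)  # ip -> timestamps of successful logins
    for line in lines:
        m = LINE_RE.match(line)
        if not (m and m["method"] == "POST"
                and m["path"].split("?", 1)[0] == "/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Assumption: the form is re-rendered (200) on failure, redirect (302) on success.
        if m["status"] == "200":
            failures[m["ip"]].append(ts)
        elif m["status"] == "302":
            successes[m["ip"]].append(ts)
    report = {}
    for ip, stamps in failures.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            # A login that succeeds after a burst of failures deserves a closer look.
            success = any(s > stamps[0] for s in successes[ip])
            report[ip] = {"max_failures": best, "success_after_failures": success}
    return report

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

If your site sits behind a proxy or CDN, the first field of the log may be the proxy's address rather than the visitor's, so check your log format before blocking anything based on it.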

Additional Info on Plugins

There are a lot of plugins that can add extra security and even increase the performance of your website. They can monitor your source files for changes, require cell phone verification for logging in, throttle search engine crawlers, block fake Google bots, scan for vulnerabilities, rename the default login page and much, much more. Many are free, with some offering a premium version for a cheap subscription.