Air-Tight WordPress Security
In today’s world of cyber crime (and even cyber warfare), keeping your site safe and secure is of the utmost importance. What does that mean? Well – with a WordPress site, there are things you can do even if you’re not a massive nerd.
- Make sure you have off-site backups
- Update WordPress regularly
- Update Plugins regularly
- Make a tough password and change it regularly
- Make sure your computer is free of spyware, malware, and viruses
We recommend using the plugin UpdraftPlus as a backup solution. You can store copies of all your files and databases on Google Drive or Dropbox. Sure, your hosting company tells you they have backups. But if something goes wrong and they can’t recover they backup, their response is, “Sorry.” – and you’re out of luck.
Make sure you have a backup, heck – make sure you have TWO backups. Make sure you know where your backup is and that it’s stored somewhere other than your current host. If you don’t know what that means, your friendly neighborhood web folks would be happy to help!
Updating WordPress Software
WordPress updates their platform all the time. Quite often, there are fixes for known security problems packaged in these updates – if your site isn’t using the most recent WordPress software version, get updated! Be aware however, that you should have a recent backup first – updates can occasionally break themes and plugins.
Updating Your Plugins
Just as you update WordPress, you should also update your plugins. As with WordPress updates, older plugins may break and you want to make sure you’re using plugins that are dependably updated too.
Before installing a new plugin, check the ratings on it as well as how recently it’s been updated. Use plugins that have a good history and you’ll save yourself immense headaches in the future.
Make an Uncrackable Password
WordPress is a very popular platform for websites – that alone makes it a huge target for hackers. By default, the latest version of WordPress provides long, random strings as your password. Use that. Don’t use ABC123, or 123456, or your pet’s name. Your site will be hacked, we guarantee it. Even better than the random password from WordPress – make your own long, complex password with special characters like * or $.
One idea is to use the first letter of every word in a song – or a longer phrase where you replace some letters with numbers or symbols. For example, if you wanted your password to be, “Twinkle Twinkle Little Star,” – you could spell it like this “Tw!inkleX2little*.” The latter combines alphanumeric characters with some other special characters and is much more secure than the original lyric.
You’ll also need to make sure that your hosting account, Control Panel, and FTP (File Transfer Protocol) client all have tough passwords. Hackers can come in the back door through FTP and malicious scripts injected into your WordPress database.
Down to the nitty-gritty, back to the basics – is your computer secured? If you have viruses or malware with a keystroke logger (a type of software which tells whoever hacked you exactly what keys you press and where you’re clicking) your site could be compromised – no matter how many characters you used in your password.
Make sure you use Computer Security Tools like firewalls, anti-virus software, anti-spyware software. Even ad blockers can help prevent malicious scripts from running in your browser.
And There’s More
These are basic ideas that any WordPress owner can accomplish – but there’s more than can be done to harden your WordPress website.
- File permissions
- Changing database prefixes
- Securing the admin page
- Adding two-step authentication
- Changing the name of the administrator
- Using monitoring tools
- And more…
CME Websites offers a monthly update service where we update your WordPress site on a monthly basis. We can also help you in hardening your WordPress website. Visit our Website Security Services page for more information!
Check out some of our past blog posts for more about WordPress Security!