A secure WordPress website is very important to allow you to grow your business in a stable and secure manner. Most online entrepreneurs don’t think they have time to worry about their website security. They think that because they are on a platform like WordPress things are good enough. But, did you know that WordPress is used by over 35% of all websites? Did you also know it is a favorite target for hackers?
According to Forbes Magazine, on average 30,000 new websites are hacked every day. These are usually legitimate small business sites, like yours!
To grow your business, it’s extremely important to have a stable and secure website. But it really isn’t that hard. Read on for all the details.
If you’ve heard that WordPress is inherently unsecure, then you may be missing out on all the great things WordPress has to offer, for no good reason.
The fact is, while WordPress sites do get hacked, they are no more dangerous than other php-based websites. The problem is that WordPress is open source, which means that anyone can read the code—even the bad guys who spend all their time looking for vulnerabilities they can exploit. Couple that with the enormous popularity of WordPress, and it’s easy to see why you hear about hacks on a regular basis.
In fact, one of the websites we support was attacked over 425 times in 1 day! Thankfully, those attempts were unsuccessful due to the measures we put into place.
By implementing just a few security best practices, you can greatly reduce your risk of being hacked. Read on to learn how to secure your site.
#1 – Keep Your Site Up to Date
This is by far the biggest risk when it comes to security. New vulnerabilities are discovered in WordPress and its plugins and themes on a regular basis, and if your site is out of date, it is at risk. Hackers actively search for outdated websites they can attack, so make it a point to keep your site up to date. That includes plugins, themes, and the WordPress software itself.
We make it a practice to update our plugins every week. It only takes a few minutes each week and it goes a long way to secure WordPress and reduce this risk. And when your hosting provider notifies you that WordPress needs updating, pay attention to that notice and make it happen!
#2 – secure wordpress with Strong Passwords
Second only to out-of-date installations when it comes to inviting hackers, weak passwords are regularly exploited with a technique called a “brute force” attack. Simply put, a hacker sets a computer program to repeatedly attempt to log into your site using thousands of the most commonly used passwords and what are known as “dictionary” words.
We routinely see attempts to guess administrative and user passwords on our websites.
This type of vulnerability can be easily avoided simply by choosing good passwords. Ideally, your passwords should:
- Be longer than 16 characters
- Contain upper and lower case letters, numbers and symbols
- Never be used for more than one site
- Never be stored in plain text on your computer
- Never be sent by email
Any administrator account on your site MUST use a strong password. These are the accounts the hackers are trying to breach.
Also, consider using a password manager such as LastPass to generate and securely store good, strong passwords. You’ll never have to worry about remembering your passwords, and you’ll greatly reduce your risk of being hacked.
When it comes to regular users and customers on your site, WordPress does not enforce strong password policies. When a user creates or changes a password, WordPress shows a “strength meter”, but allows the user to have a weak password, like “password”. Several plugins are available to enforce strong passwords. One we like is Password Policy Manager from WP WhiteSecurity.
#3 – Install A Firewall and Security Plugin
Hackers are constantly probing websites for vulnerabilities that allow them to gain access to restricted areas of your website. The vast majority of these are known as “injection attacks”. We see dozens of these attacks every week on our websites. The best defense against these attacks is a website firewall.
While some hosting providers offer firewall services, it is a best practice for a secure WordPress website to install a dedicated firewall and security solution for each WordPress site you have. There are a half-dozen or so plugins available today. We are quite happy with the WordFence plugin. It has defended us from numerous hacking attempts.
#4 – Be Smart About Your Hosting for a secure wordpress installation
Unlimited domains! Unlimited space! Unlimited bandwidth! And all for around $8 per month. You’ve probably seen the claims and may even have a hosting account with one of these companies.
Here’s the problem. This type of shared hosting is inexpensive only because they overload their servers with thousands of websites. Just as close proximity in crowded classrooms allows human viruses to quickly spread, close proximity of websites on a shared server means one infected site is a risk to all the others.
Rather than looking for the least expensive (and riskiest) hosting option, choose a host that allows you to isolate each site on its own cPanel. Doing so will greatly improve the security of your website. We love the hosting services we get from SiteGround.
In the end, the safety and security of your site and its data is entirely up to you. Keep your software up to date, use good passwords, install a firewall, and choose a secure hosting environment, and you’ll be well ahead of the curve on this. A secure WordPress website can be created and maintained with just a little effort on your part.
For more information on these features, and others, in WordPress, check out these additional posts: