When it comes to WordPress, a lot of people say it isn't secure. In this post I'm going to show you that it is actually secure; it's everything else that can make it appear insecure. As with computers, security is only as good as its weakest link, and for computers this is the users. For WordPress, the weakest links are generally weak passwords and outdated themes or plugins.
When you drive your car, you need to add fuel, check the air pressure in the tires and book the car in for scheduled maintenance. With WordPress you also need to do routine maintenance on your site: update the plugins, update the theme, ensure the passwords are secure and ensure you have a good backup of the website and database. At All Star IT we recommend that our clients use our Managed WordPress hosting, which includes updating your site and ensuring it's backed up. Whilst this costs more than basic web hosting, you get the advantage of having your website updated and added security for your website.
Here are a few other tips you can use to keep your site more secure:
Unused Themes or Plugins:
Often you try a plugin and then change your mind or switch to a better one. Make sure you deactivate the plugin and delete it from your site. The same goes for themes: you often get about 3 or 4 on a fresh install of WordPress. If you're not going to use them, remove them.
3rd Party Access to your site:
If you have a digital agency or company that requires access to your site, here are two things I recommend:
- Be sure you can trust the person you're emailing the login details to.
- If they need to access your dashboard, create a new login specifically for them. Give them administrative rights, but once they are done doing what they need to do, change the password. Then the next time they need to log in they will need to request access. It sounds like a pain to keep resetting it, but it keeps your site secure and no one has unattended access to your site.
Change the default Admin username:
By using Admin to log in to your dashboard you're making it very easy for hackers to know your login; now all they need to do is guess your password with brute force attacks.
Backups are also critical: back up your WordPress files and also back up the database. You can do this yourself, use our managed WordPress plan or use a backup plugin.
Having a secure password is good, but adding extra security is better. We use the iThemes Security plugin, but there are a few other good ones to use. Wordfence is another popular one. Basically, once this plugin is installed you add another layer of security to your website. It can prevent unauthorized access to your website by blocking too many failed attempts to log in, fix common loopholes, help with spam comments and provide many other security features. Note that this will improve the overall security of your website against many common attack methods, but it's not a silver bullet solution and you can still potentially have an attack on your site. It's just like having a seat belt in a car: you can still die in a car crash, but having the seat belt on can certainly reduce the risks.
Have Strong Passwords:
Having a weak password makes it easy for hackers to gain access to your site. Don't use the same password for multiple sites, and use a strong password that is at least 15 characters long and contains uppercase and lowercase letters, numbers and special characters.
Update your Themes and Plugins:
This is probably the most important thing to do with WordPress: keeping your site up to date with the WordPress updates, theme updates and plugin updates. These updates usually fix vulnerabilities and security issues, so the quicker they get installed the less likely your site will be exploited. It's exactly the same reason computers do Windows updates: to plug the vulnerabilities and keep your PC secure.
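Several of the tips above (unused themes and plugins, the default Admin username, pending updates) can be checked with a short script. The sketch below is an added example, not code from All Star IT or WordPress; it assumes the site inventory was exported with WP-CLI (`wp plugin list --format=json`, `wp theme list --format=json`, `wp user list --format=json`), and the sample data and the `audit` function name are constructed for illustration.

```python
import json

# Constructed sample data, shaped like the JSON printed by the three
# WP-CLI commands named above (field names assumed to match that output).
PLUGINS = json.loads("""[
 {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
 {"name": "contact-form", "status": "active", "update": "available", "version": "1.2"},
 {"name": "seo-helper", "status": "active", "update": "none", "version": "2.0"}
]""")
THEMES = json.loads("""[
 {"name": "my-theme", "status": "active", "update": "available", "version": "1.0"},
 {"name": "bundled-a", "status": "inactive", "update": "none", "version": "1.1"},
 {"name": "bundled-b", "status": "inactive", "update": "available", "version": "1.4"}
]""")
USERS = json.loads("""[
 {"ID": 1, "user_login": "admin", "roles": "administrator"},
 {"ID": 2, "user_login": "jane", "roles": "editor"},
 {"ID": 3, "user_login": "agency-temp", "roles": "administrator"}
]""")


def audit(plugins, themes, users):
    """Return (check, item) findings for the checklist in this post."""
    findings = []
    for kind, items in (("plugin", plugins), ("theme", themes)):
        for item in items:
            # The post's advice: delete what you don't use, don't just deactivate it.
            if item["status"] == "inactive":
                findings.append((f"unused-{kind}", item["name"]))
            # A pending update is a fix that has not been installed yet.
            if item["update"] == "available":
                findings.append((f"outdated-{kind}", item["name"]))
    for user in users:
        roles = [r.strip() for r in user["roles"].split(",")]
        if user["user_login"].lower() == "admin":
            findings.append(("default-username", user["user_login"]))
        elif "administrator" in roles:
            # Admin logins made for a third party should be reviewed after use.
            findings.append(("review-admin-account", user["user_login"]))
    return findings


if __name__ == "__main__":
    for check, item in audit(PLUGINS, THEMES, USERS):
        print(f"{check:22} {item}")
```

Run on a schedule, the output becomes a to-do list for the routine maintenance described at the start of the post.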