5 Ways to Keep Your WordPress Site Secure
Although WordPress is an excellent CMS, over the years it has become apparent that it has vulnerabilities that can be exploited. As a webmaster, you need a proactive attitude to tackle security risks head-on and prevent serious damage to your website and brand sentiment. It is easy to get into the habit of thinking that it won’t happen to you because you have basic security measures in place, but as WordPress is the platform for 23% of all sites online, it isn’t worth the risk of leaving your site vulnerable to hackers and malicious threats.
Below are our top 5 ways to keep your WordPress site secure:
Our first and simplest step to ensuring maximum security of your WordPress site is to keep it updated: that means WordPress itself, the themes you have installed and any plugins that are running. Recently there has been a serious vulnerability due to an out-of-date version of Revolution Slider, which resulted in malware hacks for many webmasters. This issue could have been prevented if they had updated the plugin! To avoid missing any updates and therefore leaving your site vulnerable to malicious attacks, you can add the code below to your wp-config.php file so that plugin updates install automatically without assistance from you.
// Install plugin updates automatically (straight quotes are required; curly quotes break PHP).
add_filter( 'auto_update_plugin', '__return_true' );
It can be difficult to spot security threats just by looking at your website, so it is essential to have your website verified with Webmaster Tools. Webmaster Tools gives you access to all the important data about your site, which can help you spot any sudden unexplained peaks in traffic or enquiries. Once your site is verified with Google, they will email you to let you know if there have been attempts to hack your site. This is a great, yet frightening, email to receive, as you can then change your password and update any plugins that may be making your website vulnerable. If you hadn’t verified your website, you would never have known until it was too late! Once you have resolved the issue, you can verify your site as ‘working’ to Google so they know your website is no longer a threat.
Before the release of WordPress 3.0, the first user account created on your website was automatically given the username ‘admin’. In newer versions of WordPress this is no longer the case, so it is essential that all your logins make sense and are secure. For example, if an external agency needs access to your site, their login should resemble their business name, and if someone from within your organisation needs a login, it should be their name or a username you can easily associate with them. As ‘admin’ used to be set automatically, hackers will always try to hack this login first.
A common tactic used by hackers is to try a variety of different usernames and passwords to log in to your site. This can be prevented by disabling multiple login attempts or setting a limit so the hacker will be locked out after a certain number of tries. You can also set up email alerts so you get an email whenever someone tries to log in to your site, authorised or not.
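One way to implement the lockout and email alert described above, as an added example rather than code from the original article: a small must-use plugin that counts failed logins per client address in transients. The file location, the `ll_` names and the limits are assumptions chosen for illustration, and the alert here is sent when an address is locked out rather than on every login.

```php
<?php
// Added example, not from the article. Assumed to be saved as a must-use
// plugin, e.g. wp-content/mu-plugins/limit-logins.php (hypothetical name).
// The three limits are illustrative values.
const LL_MAX_FAILS = 5;    // failed logins allowed before lockout
const LL_WINDOW    = 900;  // counter resets this many seconds after the last failure
const LL_LOCKOUT   = 1800; // seconds a locked-out address must wait

// REMOTE_ADDR is the direct peer; behind a reverse proxy it is the proxy's
// address, so adapt this to your hosting setup.
function ll_ip() {
    return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
}

function ll_key( $prefix ) {
    return $prefix . md5( ll_ip() );
}

// Count each failed login; at the limit, lock the address and email the admin.
add_action( 'wp_login_failed', function ( $username ) {
    if ( get_transient( ll_key( 'll_lock_' ) ) ) { return; } // already locked, no repeat alert
    $fails = (int) get_transient( ll_key( 'll_fail_' ) ) + 1;
    set_transient( ll_key( 'll_fail_' ), $fails, LL_WINDOW );
    if ( $fails < LL_MAX_FAILS ) { return; }
    set_transient( ll_key( 'll_lock_' ), 1, LL_LOCKOUT );
    delete_transient( ll_key( 'll_fail_' ) );
    wp_mail(
        get_option( 'admin_email' ),
        'Login lockout on ' . get_bloginfo( 'name' ),
        sprintf( "%d failed logins from %s.\nLast username tried: %s",
            $fails, ll_ip(), sanitize_user( $username ) )
    );
} );

// Priority 100 runs after WordPress's own credential checks, so while an
// address is locked out even a correct password is refused.
add_filter( 'authenticate', function ( $user ) {
    if ( get_transient( ll_key( 'll_lock_' ) ) ) {
        return new WP_Error( 'll_locked', 'Too many failed login attempts. Try again later.' );
    }
    return $user;
}, 100 );

// A successful login clears the failure counter for that address.
add_action( 'wp_login', function () {
    delete_transient( ll_key( 'll_fail_' ) );
} );
```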
WordPress comes with many plugins to improve the overall functionality of your site and to add attractive design elements. However, with thousands of plugins available at your fingertips, you need to be aware that these plugins may cause vulnerabilities in your site and may not be worth the risk! When considering downloading a new plugin, you should check how long ago it was updated; updates mean that the development team has resolved any issues with the previous update, so if it has been a long time since an update was made then it probably isn’t safe to download. A good way to judge the quality of a plugin is to read around for reviews and real user feedback; this will help you spot any red flags with the plugin before you download it. If you spot a plugin that is exactly what you’re looking for but the source is unknown, don’t take the risk! The plugin could contain malicious code that could seriously damage your website, so always download plugins from trusted sources.
Security plugins like WordFence are also very much worth installing and using.