How to Keep a WordPress Website Secure

WordPress is the world’s most popular blogging platform, with an estimated 60 million sites on the web. But something so popular and widely used is an obvious target for hackers. So how do you keep your WordPress site secure? Here are some top tips to help keep your WordPress site safe and sound.

Have strong passwords

This is the number one tip for web security across the board: always use strong passwords, and use different passwords for different online logins. Never use a password that’s easily guessable (such as your name, date of birth, etc.). A strong password would be a random sequence of at least 10 capital and lower case letters, numbers and symbols.

Why? Because 'brute force' attacks simply try to guess your password through systematic trial and error. There is nothing clever about it. So longer, harder-to-guess passwords will keep you safer, for longer, as the attacking program will probably move on after a few minutes of failed attempts. Often they'll revisit on a daily basis and take up where they left off, so updating your password regularly (to a never-before-used password) is also a good idea.

Remain up to date with your WordPress updates

WordPress releases regular updates to introduce new features, fix bugs and, most importantly, to close known and exploited security holes. Some hackers specifically target older versions of WordPress as they have known security issues. By not installing updates you could be leaving a wide open door to hackers. Many people are wary of installing updates in case they disrupt their themes or plugins, but the disruption and damage caused by a malicious attack would be so much worse, so hit that download button.

Use secure web hosting

Choose your webhost carefully; don’t just go for the cheapest hosting package. Do some research and pick a reputable web host with a history of strong security. It’s wise to pick a host that specialises in WordPress sites as they should have their fingers on the pulse in terms of updates and vulnerabilities.

Protect your username

First of all, don’t use the default option of “Admin” as your username. It may be easy to remember but it’s also the very first thing that hackers will try. The easiest way to change your username is to create a new admin account with a less predictable username and then delete the old one. Secondly, protect your username so it’s harder for hackers to find it. Change your settings so the username you use to log in is not the one displayed in your author blog, archive page or at the end of your posts.

Monitor your site

Use a monitoring service like Sitestillup to keep an eye on your website. You will be notified via text/email the instant there is a security breach, virus or other issue with your site, allowing you to act quickly to counteract the attack. You should also monitor failed login attempts (repeated login attempts are a strong indicator of hackers/bots trying to brute force access to your site) and block any offending IP addresses.

Keep your site tidy and your computer clean

Inactive plugins and old themes can act as loopholes for hackers to get easy access to your site. If you no longer use them then delete them. And remember that all these tips are irrelevant if your computer itself is a security risk, so make sure that every device you use to update your website is virus and malware free. Install some decent anti-virus, firewall and anti-malware software and keep it up to date.

Don’t install plugins, themes or apps without a thorough check

Do your research and only install themes and plugins from reputable sources. Themes and plugins can sometimes be digital Trojan Horses, hiding malicious software that will hijack your site from the inside. It only takes a few minutes to do a few web searches and check some independent reviews but it could save you a whole world of pain later.

Use security plugins

There is a plethora of useful plugins available which will help you keep your site secure. From creating firewalls and limiting login attempts to searching your site for malicious code, there’s a plugin for almost everything. But remember the previous tip: don’t install anything you’re not 100% sure of.

Don’t log in from an unsecured Wi-Fi connection

Never connect to your WordPress site via an unsecured public Wi-Fi connection as local snoopers would be able to see your login username and password.

Keep a back up

Last but not least: keep a backup of your website and update it regularly, at least once a week. If the worst does happen and your website is compromised, you can get the whole site back to normal quickly and easily (once you’ve patched up your security).