WordPress is by far the most popular website platform in the world, with tens of millions of live sites built with it. Unfortunately, all sites are prone to attack. You might think that your site isn’t important and won’t attract hackers, but you’d be wrong.
While there is no way to completely prevent every type of attack, there are a number of things you can do to make one far less likely. The good news is that these can be done relatively easily.
Keep themes and plugins to a minimum
From both a security and housekeeping perspective, this is good practice. If your site has been running a while, you’ve probably installed a few plugins or themes you no longer use. Leaving these installed can be dangerous: an unpatched plugin on your system can let attackers in.
Go through and delete any you don’t use or need anymore.
Keep everything up to date
When your WordPress dashboard tells you that there are updates available for plugins, themes, and your WordPress version, you should run them as soon as possible. As well as improvements in functionality, the updates may also include patches for security issues.
You can also install specialist bot protection that can stop automated attacks on your systems.
Keep a backup
If your site is totally compromised, or you’re locked out, having a backup means that you can restore everything. Check with your hosting provider to see if they include backups as part of your contract, or use a plugin that will automatically back up your site regularly.
Change your login URL
Most WordPress sites are still using the default login page, which is usually your domain name followed by /wp-login. Hackers know this and will search for it when trying to gain access to your site. Install a plugin that lets you change your login URL to a custom one that is hard to guess.
Limit the number of password attempts
One way for hackers to gain access to your site is to run a program that guesses passwords. To stop this, you can configure your WordPress site to lock accounts that have too many failed password attempts. The most common number of attempts allowed is three.
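As an added illustration (not code from this article or from any particular plugin), here is one way such a lockout can be built on WordPress's own login hooks. It assumes the file is installed as a must-use plugin; the file name, the `lla_`/`LLA_` names and the 15-minute lockout window are assumptions made for this example.

```php
<?php
// Added example, not the article's code. Hypothetical file:
// wp-content/mu-plugins/lla-lockout.php. All lla_/LLA_ names are made up here.

const LLA_MAX_ATTEMPTS = 3;   // threshold named in the article
const LLA_LOCKOUT_SECS = 900; // assumed lockout window (15 minutes)

// One counter per submitted login name; hashing keeps the transient key short.
function lla_key( $username ) {
	return 'lla_' . md5( strtolower( trim( (string) $username ) ) );
}

// Count each failed attempt, but not the rejections this file produces itself,
// so hammering a locked account does not extend the lockout indefinitely.
add_action( 'wp_login_failed', function ( $username, $error = null ) {
	if ( is_wp_error( $error ) && 'lla_locked' === $error->get_error_code() ) {
		return;
	}
	$key = lla_key( $username );
	set_transient( $key, (int) get_transient( $key ) + 1, LLA_LOCKOUT_SECS );
}, 10, 2 );

// Run after WordPress's own credential checks (priority 20) and override the
// result while the counter is at or over the limit, even for a correct password.
add_filter( 'authenticate', function ( $user, $username, $password ) {
	if ( '' === (string) $username ) {
		return $user;
	}
	if ( (int) get_transient( lla_key( $username ) ) >= LLA_MAX_ATTEMPTS ) {
		return new WP_Error(
			'lla_locked',
			'Too many failed login attempts. Please try again later.'
		);
	}
	return $user;
}, 100, 3 );

// A successful login clears the counter for that login name.
add_action( 'wp_login', function ( $user_login ) {
	delete_transient( lla_key( $user_login ) );
} );
```

Because the counter is keyed on the login name, anyone who knows a username can keep that account locked; counting per client IP address as well is a common refinement.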
Install an SSL certificate
Using a Secure Sockets Layer (SSL) certificate is good not only for SEO but for protecting data too. It encrypts the data sent between your visitors and your site so that it cannot be read in transit. Your hosting provider may offer SSL services as part of your contract, or for a small fee. Alternatively, you can buy one from a third-party supplier.
Protect your password
There’s no point in going through all of these security steps only to choose an easy-to-guess password and fail to protect it properly. Try a tool such as LastPass, which you can use to generate and store your passwords securely.
Takeaways
Don’t make it easy for hackers. Protect your WordPress website as you would your business premises.