WordPress Security 101
We have all heard about websites being hacked. The Philippine government was hacked repeatedly in 2013 and so was the U.S. government. A quick search of the internet will bring up many more instances of hacking. If governments have problems – how can you prevent the same attacks happening to your WordPress site?
Maybe you think that your site wouldn’t be attacked in such a way – but it is always better to be safe than sorry. So what can you do?
Here are 7 simple actions you can take to protect your WordPress website from external threats:
- Updates: Make sure you update your version of WordPress and all of your plugins regularly – whenever you are prompted to do so. These updates not only fix annoying bugs, but they also help protect your site. This is because whenever a security breach is found – patches are created and sent out – so make sure you use them.
- Password: This one is a no-brainer. Do not have the same password for everything in your life – least of all for your website. If you want have a look at this article about creating strong passwords. Make sure that your passwords are not easy to hack. And do not have your WordPress password as ‘admin 123’ or ‘password’ or you will become a hacker’s best friend.
- Login limits: Hackers use software to repeatedly try different passwords – so if you limit the number of login attempts in an hour for example, you effectively shut the door on hackers. There are plugins available for this.
- Malware: Protect your PC from malware and you help protect your website. So keep your computers virus and firewall software up to date.
- Security Plugins: These are easy to install on your WordPress site and will block any attempts to submit text that wants to run as code and hack your site. Whichever firewall plugin you use, and there are lots available, make sure that the plugin is regularly updated.
- Backup: If all else fails and you get hacked (or your server gets hacked) at least if you have a clean backup of the website you can be up and running again fairly quickly. With no backup you may have to redevelop the entire website including content, add plugins etc. This can be a very costly and time consuming exercise.
These 7 actions will help protect your website from malicious attacks, but sometimes a hacker is too determined and gets through despite all your efforts. In this case you will be glad you have a clean backup ready to go. And a final point to note – never give anyone full access to your website that you do not trust completely.
Jason is a Web Developer at Cornerstone who appreciates building websites that delight and inform. He is a curious person, and enjoys work that challenges him to learn something new and stretch in a different direction.