Now is a great time to do a security audit of your WordPress blog or website! I’ve seen many website owners complaining about the security of WordPress. The opinion is that an open source script is vulnerable to all kinds of attacks. However, that is usually not true – often it’s the other way around. Or, OK, let’s say that it’s partly true, but even then you shouldn’t blame WordPress.
Why? Because it’s usually your fault that your website got hacked. There are some responsibilities that you must deal with as a website owner. So the key question is always, what are *you* doing to keep your website from being hacked? Today, I plan to discuss quite a few easy tips that can help you secure your WordPress website:
1. Use Strong wp-admin Credentials
It really doesn’t help that Softaculous defaults their one-click installation to use admin as the username and pass as the password. I wonder how many people neglect to change this? Perhaps I’ll tweet this blog post out at them. Be aware, there are thousands of bots out on the Internet that spend all day doing dictionary attacks on your wp-admin page. Once they gain access, it’s their site! This can be solved by using our password generator tools.
I’ll never forget, one of my websites was once hacked because I set the password as “lastname123.” That’s one of the first things the dictionary attack bots go after!
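As an added example (not part of the original post), this Python script shows how the dictionary-attack traffic described above looks in a web server access log and how to flag it. It assumes the Apache/nginx combined log format, WordPress installed at the site root, and default WordPress behaviour where a failed login re-renders the form with HTTP 200 and a successful one redirects with 302; the log lines, IP addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

def _line(ip, sec, method, status):
    # Builds one constructed access-log line (combined format); not real traffic.
    return (f'{ip} - - [10/Mar/2024:02:14:{sec:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 5123 "-" "Mozilla/5.0"')

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", 200) for s in range(6)]    # 6 failures...
    + [_line("203.0.113.7", 6, "POST", 302)]                    # ...then a success
    + [_line("192.0.2.44", s, "POST", 200) for s in range(10, 15)]
    + [_line("198.51.100.20", 20, "GET", 200),                  # normal user:
       _line("198.51.100.20", 21, "POST", 200),                 # one typo,
       _line("198.51.100.20", 22, "POST", 302)]                 # then logs in
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def summarize_logins(log_text, threshold=5):
    """Return per-IP failed-login counts for IPs at or above the threshold.

    succeeded_after_failures is True when a 302 (successful login) follows
    at least `threshold` failures from the same IP: treat that account as
    compromised and rotate its password.
    """
    failed = defaultdict(int)
    success_after = defaultdict(bool)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # GETs only load the login form
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        ip, status = m["ip"], m["status"]
        if status == "200":
            failed[ip] += 1
        elif status == "302" and failed[ip] >= threshold:
            success_after[ip] = True
    return {ip: {"failed": n, "succeeded_after_failures": success_after[ip]}
            for ip, n in failed.items() if n >= threshold}

if __name__ == "__main__":
    for ip, info in summarize_logins(SAMPLE_LOG).items():
        print(ip, info)
```

A security plugin or custom login page can change these status codes, so confirm what your own site returns for a failed login before relying on the counts.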
2. Update WordPress, Plugins, Themes Often
In the last two years, WordPress has done an excellent job with their auto updater. I know, it can be a bit frustrating when an update breaks some of your code, but this is one of the top reasons why a website gets hacked.
Especially when you’re running multiple websites, it can be easy to forget about updates, so leaving this option on is a great way to keep your site safe and secure.
It’s not a matter of if, it’s a matter of when your website gets hacked if you’re using an old version of WordPress.
3. Don’t Install Poorly Coded Theme/Plugins
Before installing a new plugin and/or theme, do some research! Reviews will tell you a lot about the developer/product, but also look at the change-log to see how often it’s updated. Good scripts and themes are updated frequently.
Because WordPress is open source, it is easy for amateur coders to develop a cool plugin that they can charge for. Unfortunately, many of these have been developed without proper quality assurance testing. Personally, I’ve even fallen victim to this, buying themes on Themeforest, then finding out later they were coded very poorly. All hackers have to do is “train” their bots to look for certain themes, giving them wide open access to your website!
4. Install A Good WordPress Security Plugin
There are a lot of WordPress security plugins on the market, but you should use one that alerts you when things are out of date or when a failed login happens.
I’m a big fan of Wordfence and Sucuri, but they can be taxing on your server load if you get a lot of daily unique visitors. I’d say if you get under 1,000 daily visitors, give it a shot.
If you do more than that, you may have to have your developer take a look at your setup and determine what would be your most efficient security plugin.
5. Use Secure Connections (https or SSL)
If you’ve tried to log in to your wp-admin without https, it’s likely you’ve encountered errors with session handling! This is actually a good thing! You should always use https on at least your wp-admin area, but really on your entire site.
With SSL now being free and automatic (thanks to Let’s Encrypt), you should ensure every domain and sub-domain uses https. I was telling a customer the other day, I feel like it will soon be a requirement across the Internet and I can see Google de-indexing non-SSL websites.
6. Backup Your Site Daily
Just like security plugins, there isn’t a lack of WordPress backup plugins out there! Regardless of which one you decide to use, make sure you can take a backup nightly and store it somewhere offsite such as Amazon S3 or your local hard drive. A lot of customers like BackupBuddy. It’s highly recommended you have your own copy of your website (including database and main script files). Also, don’t make the mistake of backing up your website on the same server it’s hosted on; that won’t do you any good!
If you follow these six tips and frequently audit them, you will keep your website safe from hackers and online. If not, you’ll eventually learn why you should have!
Feel free to comment below with any questions!