With over 1 billion websites on the internet, WordPress remains the most popular web publishing platform. It comes as no surprise that many organizations and individuals have opted to build their websites on WordPress, as it is one of the most user-friendly platforms available.
However, as with any platform, WordPress websites are just as vulnerable to malicious cyber attacks.
Hackers don’t care if your page gets millions of visitors or just a few daily views. Any page is vulnerable to threats and cyber attacks – that’s why it is important to make sure you are keeping your page up to date and safe!
Here are 6 steps you can take to make your WordPress site more secure:
Get a good hosting company
Research reveals that over 40% of hacked websites were compromised through vulnerabilities in the hosting platform. When starting out, it may be tempting to select a hosting company based on its pricing. But in the long run, that is not a safe approach. After all, with your website, you are building your online presence, and you cannot leave it to chance. Here are some important questions to consider when selecting a hosting company:
- Are their servers optimized for WordPress sites?
- Do they offer support for the newest versions of MySQL and PHP?
- Do they have advanced malware detection capabilities?
- Does the service come with firewall protection optimized for WordPress?
- How efficient is their support service?
- Is their staff up-to-date on the latest WordPress security concerns?
- Do they offer regular (preferably daily) backups?
Do NOT use “Admin” as a username
When you build your WordPress site, the basic login credentials that you are offered have “admin” as the username. Most cyber-attacks are aimed at your wp-admin access point by trying “admin” as the username and several combinations to determine your password.
If you need to create a new user, you can follow these steps: in the WordPress dashboard, click Users > New User. Choose a unique username and a complex password. Then delete the original user account that has the username “admin,” and you are done. As for the content created under the username “admin”, you can simply assign it to the new username that you created so you do not lose any important information or posts.
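The same steps can be scripted. This is an added example, not part of the original article: PHP meant to run with WordPress loaded (for instance through WP-CLI's `wp eval-file`), using only core WordPress functions. The new login and e-mail address are placeholder values, and the function name is made up for the example.

```php
<?php
// Added example. Run with WordPress loaded, e.g.: wp eval-file replace-admin.php
// Placeholder values (assumptions): pick your own login and a working address.
$new_login = 'site-owner-7f3a';
$new_email = 'owner@example.com';

// wp_delete_user() lives in an admin include that is not loaded by default.
require_once ABSPATH . 'wp-admin/includes/user.php';

function replace_default_admin( $new_login, $new_email ) {
    $old = get_user_by( 'login', 'admin' );
    if ( ! $old ) {
        return 'No user named "admin" exists; nothing to do.';
    }
    // The old account still exists at this point, so the new login and
    // e-mail must both be unused.
    if ( username_exists( $new_login ) || email_exists( $new_email ) ) {
        return 'Replacement login or e-mail is already in use; aborting.';
    }

    // Step 1: create the new administrator with a long random password.
    $new_id = wp_insert_user( array(
        'user_login' => $new_login,
        'user_email' => $new_email,
        'user_pass'  => wp_generate_password( 32, true, true ),
        'role'       => 'administrator',
    ) );
    if ( is_wp_error( $new_id ) ) {
        return 'Could not create user: ' . $new_id->get_error_message();
    }

    // Step 2: delete "admin" and reassign its content to the new user.
    if ( ! wp_delete_user( $old->ID, $new_id ) ) {
        return 'New user created, but "admin" could not be deleted.';
    }

    // Step 3: e-mail the new user a set-password link instead of
    // printing the generated password to the terminal.
    wp_new_user_notification( $new_id, null, 'user' );

    return sprintf( 'Created "%s" (ID %d) and removed "admin".', $new_login, $new_id );
}

echo replace_default_admin( $new_login, $new_email ), PHP_EOL;
```

On a multisite install, `wp_delete_user()` only removes the account from the current site, so check the network user list afterwards.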
Use a complex and secure password
Never use something simple like “Admin123”. Passwords should include a mixture of numbers, symbols, and capital and lowercase letters. Also, whenever it is possible (and an available option), you should make sure to require two-factor authentication. Two-factor authentication is an extra layer of security designed to ensure that you’re the only person who can access your account, even if someone knows your password.
Keep in mind that WordPress can also generate a very complex password for you. Choosing this is completely up to you.
Enhance security with two-factor authentication
Two-factor authentication adds another layer of security against hackers who manage to get past your initial login credentials. Although a bit of a hassle, the benefits that it offers in terms of security cannot be overstated. Two-factor authentication is a given for most access points (think Gmail, PayPal). This form of security works by requiring a user to have more than two pieces of information to log in. This can be your username and password complemented by a special access code or PIN sent to your mobile device, all of which are needed to gain access. As a result, a hacker who has broken your username and password will also need your mobile device if he is to gain access to your WordPress site.
Secure WordPress admin panel:
If you want added protection for your admin panel, you can force it to use an SSL connection. Note: you need an SSL certificate already installed on your website in order to do this, and you will need to use a free plugin.
Grant access to others on a case by case basis
When your team members or any third party (whom you trust) require access to your site, grant them access on the following basis:
- Those who need it
- When they have an immediate task to fulfill
- Only for the duration of the task
Once the task is completed, remove that user’s admin rights. Also, when it comes to your team, not everyone needs admin rights to perform some tasks. Allow only the access necessary for the task at hand. Also, make sure that when someone leaves your team, any access granted is immediately revoked. Keep someone in charge of this so it is not forgotten if and when employees or team members are no longer with your business.
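One way to keep the revocation from being forgotten is to give admin rights an expiry time. This is an added example, not part of the original article and not a published plugin: a small plugin file using core WordPress functions, in which the `taa_` function names, the event name and the user-meta keys are made up for illustration.

```php
<?php
/**
 * Plugin Name: Temporary Admin Access (added example)
 * The taa_ names and meta keys are made up for this example.
 */
const TAA_EXPIRES  = '_taa_admin_expires';
const TAA_PREVIOUS = '_taa_previous_role';

// Promote a user to administrator for a limited time, remembering the old role.
function taa_grant( $user_id, $hours ) {
    $user = get_userdata( $user_id );
    // Refuse unknown users and accounts that are already administrators.
    if ( ! $user || $hours < 1 || in_array( 'administrator', $user->roles, true ) ) {
        return false;
    }
    $roles = array_values( $user->roles );
    update_user_meta( $user_id, TAA_PREVIOUS, $roles[0] ?? 'subscriber' );
    update_user_meta( $user_id, TAA_EXPIRES, time() + $hours * HOUR_IN_SECONDS );
    $user->set_role( 'administrator' );
    return true;
}

// Demote every user whose grant has expired; returns the demoted user IDs.
function taa_revoke_expired() {
    $expired = get_users( array(
        'fields'     => 'ID',
        'meta_query' => array( array(
            'key'     => TAA_EXPIRES,
            'value'   => time(),
            'compare' => '<=',
            'type'    => 'NUMERIC',
        ) ),
    ) );
    foreach ( $expired as $id ) {
        $role = get_user_meta( (int) $id, TAA_PREVIOUS, true ) ?: 'subscriber';
        ( new WP_User( (int) $id ) )->set_role( $role );
        delete_user_meta( (int) $id, TAA_EXPIRES );
        delete_user_meta( (int) $id, TAA_PREVIOUS );
    }
    return array_map( 'intval', $expired );
}

// Check for expired grants once an hour through WP-Cron.
add_action( 'taa_revoke_event', 'taa_revoke_expired' );
add_action( 'init', function () {
    if ( ! wp_next_scheduled( 'taa_revoke_event' ) ) {
        wp_schedule_event( time(), 'hourly', 'taa_revoke_event' );
    }
} );
```

WP-Cron only fires when the site receives a request, so on a low-traffic site the demotion can lag behind the expiry time unless a real system cron job triggers it.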
Although these are not the only ways to make your WordPress site more secure, they are an ideal starting point and put you ahead of many others. Believe it or not, many of the simple steps above are often ignored or simply overlooked. Is there something on this list you will start implementing?