Getting your WordPress site hacked is never a fun experience. As of March 2016, Google reports that more than 50 million website users have received some type of warning that a hacker was attempting to install malicious software or steal information. This figure only increases each month. Most WordPress users mistakenly assume no one would ever hack their site. WordPress is a popular platform, which means hackers try to break into its sites on a regular basis. Hackers don’t discriminate when they choose a site to hack. Taking a few basic preventive security measures greatly reduces your risk of being hacked, so your site runs smoothly and you sleep better at night.
Secure your Administrator account
Many WordPress users choose “Admin” or another obvious name for their Administrator accounts, making it really easy for a hacker to guess your login name. Once you’ve installed WordPress, you can’t change your username. To get around this issue, create a new user account under Users > Add New. Assign the new user to the Administrator role. Under Users, delete your original Administrator account.
Change your password regularly
Avoid commonly used passwords as well as any combination of common words. Create a long password with 12 characters or more with varied capitalization, spelling, numbers, and punctuation. Random strings of letters and numbers are ideal. If you’re struggling to create your own random password, use a password generator, such as Strong Password Generator or Norton Password Generator, and then store it in Keeper or another secure password database.
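The advice above can be turned into a short script. This is an added example, not part of the original article: it generates a random password with Python's secrets module and checks any candidate against the article's criteria. The function names and the small deny-list of common words are assumptions made up for the illustration.

```python
import secrets
import string

MIN_LENGTH = 12  # the article's minimum length
# Constructed sample deny-list (assumption); a real list would be far larger.
COMMON_WORDS = {"password", "admin", "wordpress", "letmein", "qwerty", "welcome"}
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "punctuation": string.punctuation,
}

def check_password(candidate):
    """Return the reasons a password fails the article's advice (empty list = OK)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, chars in CLASSES.items():
        if not any(ch in chars for ch in candidate):
            problems.append(f"no {name} character")
    lowered = candidate.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append(f"contains common word '{word}'")
    return problems

def generate_password(length=16):
    """Generate a random password that passes check_password()."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    rng = secrets.SystemRandom()  # OS-backed CSPRNG, not the default random module
    while True:
        # One guaranteed character per class, the rest drawn from the full alphabet.
        chars = [secrets.choice(c) for c in CLASSES.values()]
        chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
        rng.shuffle(chars)  # so the guaranteed characters are not always first
        password = "".join(chars)
        if not check_password(password):  # retry in the rare case a common word appears
            return password

if __name__ == "__main__":
    print(generate_password())
    print(check_password("Admin2016!"))
```

Store the generated value in a password manager rather than retyping or emailing it.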
Keep WordPress updated
Every time WordPress releases a new version, the team also releases a detailed change log. The change log includes every bug they’ve fixed since the last update. This change log is a guide for hackers who want to target these bugs in previous versions of WordPress. It may not seem like a big deal. But at any given time, the majority of WordPress sites are outdated, leaving thousands of users vulnerable. As soon as you see a new update is available, install it.
Keep your plugins updated
Similarly, each time there’s a new version available of a plugin, you should install it as soon as possible. You never know when plugin developers are releasing an update to combat a serious vulnerability. Installing the update eliminates the risk of the vulnerability affecting your site. Limit the number of plugins you have running on your WordPress site at any given time. Delete any plugins you’re no longer using to keep your website running smoothly with faster load times and minimal risk of hacking. Delete any plugins that have been deemed unsafe as well.
Download plugins and themes from reputable sources
The best place to download WordPress plugins and themes is WordPress.org. WordPress thoroughly scans all content before adding it to their directories, ensuring it’s safe and will run properly with the latest version of WordPress. When you’re interested in a premium theme or plugin, choose a reputable source, such as Themeforest, or another reputable software developer.
Choose the best hosting you can afford
You get what you pay for, and website hosting is no exception. Your security efforts won’t make much of a difference without solid WordPress hosting. If you opt for shared hosting, confirm that the plan includes account isolation, to prevent another website on the server from affecting your site in any way. Ideally, select a managed WordPress hosting provider that caters to WordPress users. The provider should include updated PHP and MySQL, a WordPress firewall, a server designed for WordPress, routine malware scanning, and a customer service team with comprehensive knowledge of WordPress.
Back up your WordPress site regularly
Backing up your site won’t prevent hackers from breaking in, but it will help you get it up and running again quickly in the event that there is an issue with your site. Even if you are never hacked, you never know when you’ll have a conflict between plugins or you’ll accidentally delete an important file. Having a recent backup of your site significantly minimizes your downtime as well as the general hassle of getting your site up and running again. There are free backup programs available, but you’ll be best served with a paid backup program, such as VaultPress.
Use a security plugin
A security plugin in and of itself isn’t sufficient for guaranteeing protection against hackers. However, it’s a great tool to use alongside other WordPress security measures. WordPress security plugins offer a host of security features including firewall protection, database scans, and file permission control. Most security plugins run on autopilot, which means you don’t need to understand the technical details or even do anything to keep your plugin running. Choose a single security plugin to avoid software conflicts. Popular WordPress security plugins include iThemes Security and Wordfence.
Preventive security measures aren’t very exciting, which may make it tempting to keep putting them off. Setting aside a few minutes per month to complete basic security tasks goes a long way toward keeping your WordPress site safe from hackers. With less time spent cleaning up website hacks, you have more time to work on your site.