Regardless of how your site is structured or coded, you need to be aware of and do certain things to make sure your site remains secure and is not a target of hackers. For WordPress, these steps are pretty simple and can, for the most part, be handled automatically or with little effort. The key is to get a system in place and follow it!
The primary reason sites get hacked is due to lax security and outdated software, themes and plugins. If you have a WordPress website, you now have the unavoidable responsibility to keep that site up to date. That's just part of the gig. When WordPress updates -- you update! When your them or plugins offer an update -- you update!
Updating is not something that you have the luxury of ignoring. Don't keep up and you may wake up one morning to a hacked or broken site.
Today I'll share with you the basics that anyone who is not a techie can easily integrate to help protect their WordPress site/Blog.
5 Steps to a Secure WordPress Website
- Once your WordPress site is setup, setup a new account and then delete the default Admin account. Hackers look for that "admin" account to exploit.
- Make sure your WordPress Username is not your name. That's the first guess those trying to access your system will make.
- Change your password to something wacky. Not your pet's name, not your husband's nickname, not your birth date -- and for goodness sake not "password". Include at least 8 characters, both upper and lower case and throw in some other characters for good measure. WordPress suggests difficult passwords (like this: vPh#[email protected]) for you to use on your User page under Account Management > New Password > Generate Password Button. As crazy as those passwords are -- they work -- use them! Do the same for your server/FTP password by creating a different password than what you use for your WordPress login.
- Install a Security Plugin. All In One WP Security & Firewall or Wordfence Security will help you to cover all the bases.
- Update, update, update! But back-up first! When you see that nag bar at the top of your screen, update WordPress and your plugins right then and there. Not sure how? I've got a post to help you backup and update WordPress as easy as 1,2,3!
One last thing... Who you use to host your site can make a huge difference too. Hosting companies that offer Managed WordPress Hosting are in a better position to secure their servers because they know WordPress' vulnerabilities. Things like multiple, powerful firewalls between your data and threats and proactive detection and elimination of malware.
That's why I trust WPEngine (<=AffLink) for all my sites.
I hear from panicked WordPressers after their sites have been hacked -- no backups; no precautions taken. If you find yourself in this position and crying like a baby -- you'll have no one to blame but yourself because now you know better!
You can avoid this unpleasant experience by taking the 5 steps above. Go on -- what are you waiting for?
At your service,