WordPress is one of our favourite Content Management Systems (or CMS for short). It’s open source and one of the most widely used CMS platforms around the world. From bloggers to businesses it’s a great choice. But, just how secure is it?
You’ve probably put a lot of effort into choosing the right theme, installing plugins, creating content and designing a layout that’s tailored to your user journey. And then one day, you try to log in to your WordPress website and… all your data is gone or your site has been infected with malware! You realise you can’t even log in because a hacker has changed your username and password. You’re left with a big headache and a potentially bigger bill to have someone fix it, or worse – you’ll have to start over.
Fortunately there are some simple steps you can take to prevent these scenarios! Here are a few we suggest:
Install a security plugin
In our blog post 5 Ways To Secure Your Website we explain some of the basic security steps you can take to avoid disaster. By using a security plugin you can take things a step further. There are several great plugins that provide you with a host of security features for your website. Our favourite is Wordfence. It acts as a firewall and virus scanner and has a wide choice of additional options such as letting you change the standard login URL from /wp-admin/ to… whatever you like! These features are essential to preventing hack attempts or brute force attacks. We install Wordfence as standard on all of our clients’ websites.
Pick your username and password wisely
If you’ve ever installed a fresh copy of WordPress you’ll know that “admin” is the standard username for new accounts. Well, if you know it, hackers know it too and if you don’t change it you’re already giving them an advantage. Change your username to something unique for each of your WordPress websites. Don’t let them know what you know!
It’s really important to use a password with a high strength level. It might be tempting to use a password that you’re familiar with and that’s easy to remember, but those are also the easiest ones to hack! Try to create a password that is at least 8 characters in length and has a combination of both uppercase and lowercase letters as well as numbers and special characters. It might be harder to remember but it will be far easier than the hassle of being hacked! Using a password management tool such as KeePass will allow you to store any number of complex passwords so you don’t have to remember them or write them down anywhere where they can get lost or worse yet… someone might find them (the sneaky devils!)
Install the latest updates
We’ve previously discussed the importance of updating WordPress, your plugins and themes and how this can improve your website’s security. As WordPress is an open source system, it won’t take long for hackers to find and exploit the security vulnerabilities in the latest version. Bug and security fixes are released on a regular basis to plug these holes. If your version of WordPress is out of date, you’re taking a big risk. Make sure you install updates on a regular basis or as soon as they become available.
Keep a regular backup
We’ve all been there: we spend hours and hours writing that document only to experience a crash and… all the work is gone! It’s a horrible feeling. We know we should be hitting that save button every 5 minutes. When it comes to your WordPress website, it’s not so simple. If you get hacked, or you install an update and your website breaks, without a backup you’ve got no redundancy. If you update your site on a regular basis, taking a regular backup is even more important. Make sure you have a backup system installed. Your hosting provider might offer this as a service to you or you can install a plugin such as BackupBuddy.
Get a Managed Service Hosting Plan
You can purchase very affordable hosting nowadays, but you get what you pay for. How reliable these services are in terms of support, site loading speeds and uptime depends on who you go with. But security is a very important factor to consider. When you purchase a hosting plan you are putting your website and its security in the hands of your hosting provider. Check if they offer any type of security services. They may just be renting you space on an unsecured portion of their server, and managing the security settings may be left to you. If you’re not an experienced System Administrator, you’re going to struggle.
Do your research and choose a hosting provider that is strongly focused on security and offers a range of anti-spam and anti-malware tools. Better yet, sign up for one of CODE’s WordPress Secure Hosting Plans and we’ll make sure your website is secure not only on our server, but we’ll also maintain the updates on your WordPress site, fix any compatibility issues between themes and plugins, install and maintain security plugins, provide daily backups and perform daily malware scans. Cover all your bases with one monthly cost for peace of mind!
May you never be hacked or lose data again!