We’ve all heard the horror stories of hacked WordPress sites. These stories might lead you to believe that building your website on the WordPress platform presents unreasonable security risks. The truth is, any platform you choose is at risk of being hacked. But it may surprise you to know that there are a few simple steps you can take that will significantly increase the odds against your WordPress site being hacked. Let’s have a look.
Disclosure: In the spirit of open and honest transparency, we want to let our readers know that some of the links in this post are ‘affiliate links.’ This means if you click on the link and purchase the item, 1 Source Web will receive a commission. We are very particular about the products and services we recommend and only do so with products we ourselves use.
Use a Strong Password
This one might seem like one of those “duh” moments, but we are constantly surprised at how many WordPress users overlook it. It is actually the most vital of all the security measures you can take. Setting a strong password for the admin area of your WordPress site is like locking the front door of your house. You could have the greatest security system in the world, but if you leave the front door unlocked, anyone can walk right through. If your password is short, if it is readable, if you use the same password for multiple sites, or if someone who knows you well could guess what it is, then you are at risk of being hacked.
If you have a site with several WordPress users or allow visitors to create their own accounts, you can add the Force Strong Passwords plugin to make all users keep their passwords on the beefy side.
Move your WordPress Login Screen
Many WordPress hacks come from malicious bots that are programmed to crawl the web looking for WordPress sites. Once they find one, they’ll add “/wp-admin” to the end of the site’s URL to get to the login screen and try to force their way in. You can add an extra layer of security by making your login screen harder to find in the first place. The WPS Hide Login plugin allows you to change the location of your login screen from “/wp-admin” to whatever you want. You could use something like “/mysitelogin” or “/open-sesame” or anything else. Whatever you choose, any user who tries to use the old “/wp-admin” link will just see an error message, stopping bots and would-be hackers in their tracks. Treat this as an extra layer on top of a strong password, not a replacement for one. We recommend this to all of our WordPress clients, and WPS Hide Login is one of the plugins we install for clients who purchase one of our Website Care Packages.
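Once the login screen has moved, requests to the old URLs that end in an error are almost certainly bots, and you can count them per IP address from your access log. The Python script below is an added example, not part of the original post or of any plugin; the log lines are constructed samples, and the combined log format, the 4xx response on the old URLs and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/Nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /wp-admin/ HTTP/1.1" 404 512 "-" "bot/1.0"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "bot/1.0"
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "bot/1.0"
198.51.100.4 - - [12/Mar/2024:10:01:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:01:05 +0000] "GET /open-sesame HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:01:30 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2024:10:02:00 +0000] "GET /wp-login.php?action=register HTTP/1.1" 404 512 "-" "curl/8.0"
"""

# client IP, request path and response status from one combined-format line
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Front-end features call these endpoints even for logged-out visitors.
ALLOWED = ("/wp-admin/admin-ajax.php", "/wp-admin/admin-post.php")


def is_login_probe(path):
    """True if the request targets the default (now hidden) login locations."""
    path = path.split("?", 1)[0].lower()
    if path in ALLOWED:
        return False
    return path == "/wp-login.php" or path == "/wp-admin" or path.startswith("/wp-admin/")


def probing_ips(log_text, threshold=2):
    """Return {ip: hits} for clients with at least `threshold` rejected probes."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Assumption: the hidden login answers the old URLs with a 4xx error,
        # while a logged-in administrator browsing /wp-admin/ gets 2xx or 3xx.
        if m and m.group("status").startswith("4") and is_login_probe(m.group("path")):
            hits[m.group("ip")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(probing_ips(SAMPLE_LOG).items()):
        print(f"{ip}\t{n} rejected requests to the old login URLs")
```

Run it against your own log by passing the file's contents to `probing_ips()`, and raise the threshold on busy sites.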
Keep your themes and plugins updated for optimum security
This is another obvious one, but themes and plugins can occasionally have security vulnerabilities, which are patched by the developer as soon as they’re discovered. It’s important to update regularly, because many malicious bots specifically search for out-of-date plugins and themes with known vulnerabilities.
This is just another task we take care of for you with our Website Care Packages but if you don’t have the plan then you need to update your themes and plugins regularly or you risk leaving your site exposed to these vulnerabilities. Plus, updates often patch other bugs and enhance usability, so it’s a win all around.
Add an SSL Certificate
While this isn’t necessary for all sites, it’s essential for any WordPress site collecting sensitive user information. But even if that’s not the case, an SSL certificate still helps to secure your site by encrypting the data sent between your visitors’ browsers and your server. Plus, Google ranks secure sites higher in search engine results, so you get a little SEO boost with a secure site as well! And oh yes, this is another service you get with our Website Care Packages.
Don’t Skimp on Hosting – Ask About Server Level Security
While it is true that you can find places to host your WordPress site for as little as 5 bucks a month, rest assured you won’t be doing yourself any favors when it comes to security. There are a lot of security plugins out there for WordPress sites, but each one is just one more plugin to configure and manage.
A better alternative is to host your WordPress site with a hosting provider that offers managed hosting with server-level security. This virtually eliminates the need for third-party security plugins. We host all of our WordPress client sites at Flywheel. Every site hosted on Flywheel enjoys a server environment specifically tuned for WordPress, blazing fast speeds, protection that limits login attempts at both server and site level, intelligent IP blocking and hacker-free security provided by Sucuri, the leading provider of WordPress security solutions. The cost of hosting on Flywheel is a bit more than some, but well worth it even if security is the only consideration.
So, there you have it. There are some other measures you can take but these are the easiest and most effective when it comes to WordPress security. We hope you find these tips helpful. Give us a shout if you have any questions.