WordPress is such a popular content management system that it has become a prime target for hackers – WordPress security is now paramount.
If your website isn’t secure, it can get hacked – someone will try and do this to your site today.
Therefore it’s crucial to have a secure WordPress site.
Some of the more common security issues with the sites we look at are:
- Weak passwords – it needs to be complicated for a reason. Weak passwords allow ‘brute force’ attacks on your site. This is where the hackers try to guess your password – bombarding the site with 100s of user names (usually Admin, so don’t use that) and passwords in an attempt to gain access.
- Out-date-plugins – One of the great things about WordPress is the huge range of free plugins available to use on your site. However, if they are not up-to-date they can leave your site vulnerable.
- Badly coded plugins – WordPress has some pretty stringent rules regarding plugins distributed via the plugin directory, but they can’t check for every eventuality. Many popular plugins are found to have security issues that let the hackers in.
- Dodgy themes – These too can have code issues that allow hackers ‘back door’ access to your site.
Fix the simple things
Logins and Users
All software, WordPress or otherwise is only as secure as the password you use to protect it.
If your current site has a user named Admin, remove it, now.
Hackers know that the URL for your dashboard is /wp-admin/ and that your log-in URL is /wp-login.php.
Using the Admin username also gives them 50% of your login credentials.
Simple, but effective. Login captchas quickly and easily add a little bit more security and can prevent brute force attacks – a really easy trick to improve WordPress security.
It’s a big plugin, but this also adds additional layers of security, plus you get the benefits of being linked to WordPress.com and all the data they hold on hackers.
Turn on auto-updates
Not something that’s right for every site, but if this works for you, it will mean everything is kept up-to-date.
Have a fall-back
Make sure your site is backed-up regularly so that if the worst happens, you’re covered.
Have you been hacked?
We provide clean-up services for hacked sites. Better still, if you are on one of our support plans, the security, hack protection, and should the worst happen, hack clean-ups are all covered.
Hack-proof your site