WordPress is one of the most popular free and open-source CMSs out there. It makes the process of building sites extremely easy. Because WordPress is so popular, it has a large number of plugins and themes available.
But popularity also means that it gets the unwanted attention of hackers. If you are running a WordPress website, you should follow these simple rules to keep your site safe:
1. Keep everything updated.
WordPress has something of a reputation for being vulnerable and insecure. The truth is that it only becomes so if the WordPress install files, themes, and plugins are not updated. Hackers then try to find vulnerabilities through the outdated files.
2. Don’t keep the user name as ‘admin’.
The ‘admin’ username is created when WordPress is installed on your site. This is the default username for WordPress. If you do not change this username, you are making the hacker’s work easy by already providing him with the username; he then just has to take care of the password to gain access. This step is also a good security measure against the WordPress wp-login.php brute force attack.
3. Keep a strong Password.
One of the biggest mistakes when choosing a password is to use a real word or name in any language. The first thing a hacker does is run a script that tries every word present in Wikipedia as your password. A better practice is to generate a password using one of the many available password generators.
4. Choose the right Web Host.
Look for a web host that provides server-side malware scanning and cleanup. One of the biggest risks related to hosting is being on ‘Shared Hosting’. Look at it this way: the risk for your site on shared hosting is the risk involved with your WordPress installation multiplied by the number of WordPress installs on the whole server. So if you still use shared hosting, make sure your site is on a server with the fewest sites.
5. Monitor and clean up Malware.
Even if you follow all the steps mentioned here, your site might still get infected with malware (which might very well happen), so it is important that you keep scanning the server regularly for malware and, when you encounter it, handle it swiftly. Some hosts even provide everyday malware scanning and clean-up support. It is always advisable to use such a host. You could also use plugins like Sucuri to monitor your site.
6. Delete unused Themes/Plugins.
Keep your WordPress install as clean as possible. Delete all the unused plugins and themes present on your site. Any one of these could lead to a potential security breach and allow malware to enter the site.
7. Limit the number of login attempts.
One of the most common threats to any site is a brute force attack. This attack tries every combination of Username and Password present to try and log in to your admin account. You can keep your site safe from such attacks by simply installing any one of the many plugins that limit the number of login attempts made from a single source.
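The per-source limit from rule 7, applied as a detection pass over a web server access log; this is an added example, not code from the original post or from any plugin. It assumes combined log format and counts every POST to wp-login.php as a login attempt; the threshold of 5 attempts in 5 minutes and all function names are illustrative choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ip, hh, mm, ss, method="POST", status=200):
    """Build one constructed access-log line (combined log format)."""
    return (f'{ip} - - [12/Mar/2024:{hh:02d}:{mm:02d}:{ss:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 4512 "-" "Mozilla/5.0"')

# Constructed sample data; the addresses come from documentation-only ranges.
SAMPLE_LOG = (
    [_line("203.0.113.7", 10, 0, s) for s in range(0, 56, 8)]     # 7 POSTs in under a minute
    + [_line("192.0.2.10", 10, m, 0) for m in range(0, 60, 10)]   # 6 POSTs, 10 minutes apart
    + [_line("198.51.100.23", 10, 1, 0, method="GET"),            # loading the form only
       _line("198.51.100.23", 10, 1, 5),
       _line("198.51.100.23", 10, 1, 40, status=302),
       "truncated or corrupted line"]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')

def login_attempts(lines):
    """Yield (ip, timestamp) for each POST to wp-login.php; skip unparsable lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].rsplit("/", 1)[-1] != "wp-login.php":
            continue
        try:
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # malformed timestamp

def sources_over_limit(lines, max_attempts=5, window=timedelta(minutes=5)):
    """Return {ip: peak attempts inside one window} for sources above max_attempts.
    Assumes each source's lines appear in time order, as in a normal access log."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = {}
    for ip, ts in login_attempts(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) > max_attempts:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak
```

To run it on real data, pass an open access-log file object as `lines` instead of `SAMPLE_LOG`.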
The best thing to do is to take your website’s security very seriously and always stay vigilant.
Have any other security tips that you would like to share? Feel free to drop them in the comment box below.
I am a Co-Founder at WPOven INC currently living in Vancouver, Canada. My interests range from Web Development to Product development and Client projects. I am also interested in web development, WordPress, and entrepreneurship.