WordPress Security

As well as making your wordpress site run faster, you must always make sure it’s not open to hackers and people wanting to exploit vulnerabilities.

As someone who’s recently had to handle several wordpress sites being hacked in one way or another, these are my bits of advice. Most are common sense, but it’s good to be reminded to do them:

  • Keep everything up to date – out of date versions of wordpress, themes and plugins make for an easy place to attack your site. Make sure you keep everything up to date as often as possible.
  • Remove any unused plugins or themes – having files on your server that aren’t even being used is a waste of space, but also an open invitation to people wanting to exploit those files. Get rid of everything you don’t need.
  • Install a plugin to help keep an eye on things – I have installed Wordfence on all my wordpress sites. It scans your files daily for any problems, alerts you when admins sign in and also when files or plugins need to be updated. It’s caught a few nasty things for me so has already proved it’s worth….. and it’s free! There is a premium service which gives you even more security, but the free version is pretty good so get it. There is no excuse.
  • Make sure your passwords are long and hard to guess – don’t use regular words or passwords used for any other web site. Make your passwords as complicated as possible and use a password manager such as 1Password to generate and keep them safe.
  • Be careful what apps can connect to your site – if you maintain your site through an app or a third party tool, you may have the most secure wordpress site in the world, but if the third party tool gets hacked or there is a vulnerability in that, it could do lots of damage. So make sure you know what is connecting to your site and what has permission to post.
  • Get a decent web host – if you use a free or cheap web host, chances are you are leaving yourself open to attack. Pick a web host that proves it takes security seriously. There is no point in making your site secure if your server isn’t.
  • Be smart and use common sense. It shouldn’t be a hard job to keep your site secure, you just need to use your brain a bit and keep on top of it. Even though I run around 10 wordpress sites, it only takes a few minutes each week to keep things up to date.

So there you go, a few common sense tips to help keep your site secure and your content safe from abuse. I hope you found them useful. If you’d like to add more, please do, it will help everyone.

Be the first to leave a comment. Don’t be shy.

Join the Discussion

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>