If you are reading this, chances are that your website is powered by WordPress. While that’s cool, you are also at risk.
Circa March 2016, Google reported that more than 50 million website users had been greeted with some kind of warning that the websites they visited were at risk of malicious software, phishing, or some other kind of vulnerability.
This number was only 17 million in 2015. Google is busy blacklisting more than 20,000 websites each week and another 50,000 per week for phishing.
The risks are high on the web, and most of that risk comes from our indifference to our websites rather than from the general state of the web.
WordPress holds over 60% market share. That alone can explain why WordPress is also a primary target for hackers around the world. If your WordPress has any degree of vulnerability, your website is likely to get hacked.
It’s your WordPress site. It’s your business. A lot depends on how well you take care of your website. Here are 7 ways to ensure your WordPress blog or website is secure.
Hosting really matters
You get what you pay for, and web hosting is a true example of that.
The typical first step to host your website is to find shared hosting because it’s cheap and allows absolutely everyone access to servers. While shared hosting isn’t bad by itself, it’s just not the right choice when speed, security, stability, and peace of mind are your priorities.
WordPress managed hosting services like WP Engine, Synthesis, and FlyWheel do a lot more than just provide you with space and bandwidth for your website. Each of those specialist WordPress hosting services provides active hacker control, malware protection, a robust security technology stack, a CDN, and a lot more to keep your WordPress websites really secure.
Keep your site updated
Sucuri analyzed more than 11,000 infected websites, with more than 75% of those sites on WordPress. Out of these, more than 50% of the websites were out of date.
What might seem like a simple step to take is also often neglected. One of the major reasons why WordPress websites get affected is that users forget (or don’t bother) to update to new versions of WordPress. If you own a WordPress website, always stay updated with the latest stable core version of WordPress. While you are at it, also update your themes and plugins.
The steps you’d need to take are simple enough: always update to the latest version of WordPress, the theme you use, and the plugins. If you have a pile of themes and plugins you aren’t using anymore, just delete them.
Move the generic WordPress Login URL
The usual WordPress login URL looks something like mywebsite.com/wp-login/ and it’s standard for all WordPress installs.
That’s also a problem because it makes it incredibly easy for anyone who wants to gain access to your website to reach that URL. If you didn’t already do it when you first installed WordPress, use a plugin like Custom Login URL (CLU), a lightweight plugin that can do the job for you.
Even better, you can use WPS Hide Login, which keeps your WordPress login URL a secret so that no one would ever know what your URL is. Be sure to pick a URL that you’d remember, though, while making sure that it’s not too obvious.
Limit Login Attempts
Limit Login Attempts is a handy plugin that can add one more layer of security. In fact, it’s one of the first plugins you should install when you start using WordPress. Limit Login Attempts does what the name suggests. It limits your attempts to log in (you’ll set the number of attempts) and that takes care of hobby hackers who might try to log in to your website repeatedly.
It also keeps out bots and acts as a front-line defense against automated brute force attacks.
Change WordPress Default Database Prefix
Do this step only when your WordPress install is new. If your WordPress is already used, changing the default database prefix could be disastrous if you don’t know what you are doing.
The generic WordPress database prefix, which looks something like WP_XXXX, is also a well-known route to hack through to your website. Instead of using this generic database prefix, customize it to anything else you like, such as KL_XXX or something that you can relate to.
Invest in Full-time Security for WordPress
If there’s one thing you shouldn’t go cheap with, it’s hosting for your WordPress site and its security. There are just way too many WordPress website owners, bloggers, small businesses, and others who don’t give enough importance to security when they should have.
Waiting until disaster strikes, only to learn about the importance of WordPress security, is a good lesson that comes with a steep price.
Invest in reliable plugins or services such as Sucuri to make sure you build a fortress around your WordPress website. Sucuri provides you protection from DDoS and brute force attacks, multiple infections and reinfections, and stops hackers in their tracks from their attempts to exploit vulnerabilities.
The concept of website security is fluid, ever-changing, and needs active management. From stopping comment spam using Akismet all the way to proactive control, management of your website is a full-time job. As a business owner, it’s all on you.
How well do you manage your WordPress site? How do you handle WordPress security? Tell us all about it.