How to keep your WordPress site secure

Mar 30, 2018 by

With a variety of useful plugins and an easy-to-use interface, WordPress is one of the most powerful platforms for setting up and running a business blog. Unfortunately, there have been many stories of WordPress sites being hacked in the past, so it’s essential that you treat security as a serious concern.

Typically, hackers will use bots to find WordPress sites with specific weaknesses, so if you get hacked, it’s likely to be an opportunist attack. Often, hackers can install malicious code into your downloadable files or seek to redirect your users to affiliate sites that bring them income. To avoid this kind of thing happening to you, here are some of the precautions you should take.

Consider unique passwords

Passwords like “12345678” or “password” are not secure, and it’s unbelievable that people are still using them in 2018. Your first line of defence against a WordPress security breach is to come up with a password that is unique and complex.

Michel Heijmans writes:

This is where tools like 1Password and LastPass come into play, as they each have password generators. You type in the length, and it generates the password. You save the link, save the password, and move on with your day. Depending on how secure I want the password to be, I usually set the length of the password (20 characters is always right) and decide on things like the inclusion of less usual characters like # or *.

If you don’t feel like coming up with a random string of numbers and letters by yourself, you can use this helpful password generator.

Ban IP addresses after multiple failed login attempts

Hackers use sophisticated software to submit countless password guesses on your site. To avoid being hacked by this kind of attack, you can set up a site lockdown system whereby a user is banned for attempting numerous logins within a short period of time, since this is indicative of a brute force attack. The All in One WP Security & Firewall plugin will come in handy for this.

Use emails as login names

Login names are far more predictable than email IDs. Given that hacks are typically automated, you can keep yourself protected if your login names are harder to guess. Check out the WordPress Email Login plugin for more information about how to do this.

Enable two-factor authentication

The more steps you make an automated malicious algorithm go through to get to your site, the better. With two-factor authentication, you dramatically lower the chances of bots making it through to your site. This simply means that a user must take two actions instead of one in order to log in. This could entail typing in a password and also entering an 8-digit code sent to your mobile device. If you’re looking to install two-factor authentication on your WordPress site, Rublon is an excellent plugin to get started with.

Final words

Always keep your WordPress site up to date. If you are using an outdated version of WordPress, the weaknesses of that version could leave you vulnerable. If a hacker sees that you’re running an outdated version, they will know the specific weaknesses that can be targeted. Once your WordPress site is safe and secure, you can enjoy creating awesome content that will keep your customers coming back time and time again.