Have you ever imagined what you would do if your WordPress website disappeared?
It might sound rough, but this can happen to anyone, just like it happened to me once.
WordPress security is something that you should take really seriously, because there are people who use vulnerable websites to their advantage.
Plus, there are disasters that might happen and you can lose your work forever.
But you can avoid this by taking some precautionary measures for your WordPress website and increasing its security.
This way you will sleep better thinking that your business is safe.
Obviously, there are a lot of things that you can do to lock down your WordPress installation and some ninja tips that I will share with you in a future post.
But in the meantime, let’s start with the basics and learn the easiest fixes you can apply for a more secure WordPress website.
If you find a vulnerability, just go and fix it, and then come back to continue reading the article.
1. Back up your website
The first and most important task that you need to take care of is backing up your site.
Without a backup you can lose your website and everything you’ve been working on forever.
Most hosting companies will say that they back up your website, but for additional security you should keep an extra backup of your WordPress website in a different location.
I would also recommend you to ask your hosting company where they keep the backups.
If they say that they keep them in the same location, this is an extra reason for you to start backing up your site. And possibly look for a different hosting company.
There are a lot of WordPress plugins and services that can help you back up your WordPress site to a different server.
It doesn’t matter which one you choose, but it’s crucial that you back up your WordPress site.
I’ve heard really good things about:
If you need help, take a look at our WordPress services and we will backup your website for you.
Action tip: Find a backup plugin that does backups every day/week, install it and back up your site to a different location right away.
2. Keep your blog updated
I can’t stress enough the importance of updating your WordPress site, themes and plugins.
With every new release WordPress adds security enhancements that you should have on your blog as soon as possible.
While you may want to wait a couple of days until advanced users test the new versions, you definitely need to apply any available updates within a week of their release.
Additionally, themes and plugins will release security enhancements and you need to keep them up to date, so hackers won’t exploit their vulnerabilities.
If all your scripts are updated you reduce the risk of your site getting hacked, because hackers love outdated software and this is where they will look first.
If you are afraid of breaking something during the update ask (us!) for help or read more about how you can break the fear of technology.
Action tip: After you create a backup of your blog, go ahead and update WordPress and all your themes and plugins.
3. Remove unnecessary themes and plugins
One of the most common security issues is with outdated scripts, especially with themes and plugins that you don’t use.
I actually cleaned a couple of sites which got malware because they used to have about 10 themes installed, which got outdated and hackers exploited some vulnerabilities that existed in those old versions.
The funny thing is that the security threat was fixed soon after it was discovered, but because the theme was not updated, they could reach the website through that gate.
Plus, those themes were not used anymore, so why keep them to make your site more vulnerable?
That is why I would recommend you to audit your themes and plugins and if you don’t use them anymore, just press the delete button.
Action tip: If you have any themes or plugins that you don’t use, now it’s time for you to delete them.
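To make the audit in this step concrete, here is an added example (not part of the original post) that lists every theme and plugin installed under `wp-content` by reading the `Theme Name` / `Plugin Name` and `Version` file headers, then reports the ones you did not name as in use. The script name and the idea of passing the in-use slugs on the command line are assumptions made for the example.

```python
import re
import sys
from pathlib import Path

# WordPress themes and plugins declare themselves with "Key: value" header
# lines near the top of style.css (themes) or a .php file (plugins).
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Plugin Name|Version):(.*)$", re.M | re.I)

def read_header(path):
    """Return {'name': ..., 'version': ...} from a file header, or None."""
    text = path.read_text(encoding="utf-8", errors="replace")[:8192]
    found = {}
    for key, value in HEADER.findall(text):
        field = "version" if key.lower() == "version" else "name"
        found.setdefault(field, value.strip(" \t*/\r"))
    return found if "name" in found else None

def inventory(wp_content):
    """List installed items as (kind, slug, name, version) tuples."""
    root, items = Path(wp_content), []
    for style in sorted(root.glob("themes/*/style.css")):
        meta = read_header(style)
        if meta:
            items.append(("theme", style.parent.name, meta["name"], meta.get("version", "?")))
    # Plugins are either a single file or a folder with one main .php file.
    plugin_files = list(root.glob("plugins/*.php")) + list(root.glob("plugins/*/*.php"))
    for php in sorted(plugin_files):
        meta = read_header(php)
        if meta:
            slug = php.stem if php.parent.name == "plugins" else php.parent.name
            items.append(("plugin", slug, meta["name"], meta.get("version", "?")))
    return items

def unused(items, in_use):
    """Return installed items whose slug is not in the set you actually use."""
    return [item for item in items if item[1] not in in_use]

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python wp_inventory.py /path/to/wp-content my-theme plugin-a plugin-b
    for kind, slug, name, version in unused(inventory(sys.argv[1]), set(sys.argv[2:])):
        print(f"delete candidate: {kind} {slug} ({name} {version})")
```

If your active theme is a child theme, include its parent theme in the in-use list, because the child cannot work without it.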
4. Don’t use admin as your username
Before version 3.0 of WordPress, the default administrator username was “admin”, and hackers know this.
Moreover, there are plenty of people (know anyone?) who still use this and make their sites vulnerable.
If hackers know your username, they will move on to the next step and try to find your password.
But if you have a custom username, they will have to guess that first which will make their job a lot harder.
In WordPress you can’t change your username, but you can create a new user and delete the old one.
Action tip: Create a new user with administrator privileges and set up a strong password for that user. Once created, log in with those credentials and delete the old admin account.
5. Use strong passwords
There are plenty of hackers who use brute force to guess passwords, and if your password is weak, you’re making their life easy.
Instead, use a different password for every website/email account/social media account you use and store them using a password keeper tool.
I personally use LastPass (free and paid) because it works straight from my browser and the paid version also has an iPhone app.
I use LastPass to generate secure passwords, securely store them in my account and keep other information/notes safe.
I would recommend passwords that have at least 14 characters, if not multiple words, and that contain special characters, numbers and capital letters.
Action tip: Sign up for a password keeper tool and change all your weak passwords. Use a tool to generate passwords that look something like this: D&L1rlXJVk&l&z.
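The rule above (at least 14 characters, with special characters, numbers and capital letters) can be checked and generated with a few lines of code. This is an added example, not part of the original post; the function names and the set of special characters are assumptions chosen for the illustration.

```python
import math
import secrets
import string

MIN_LENGTH = 14                      # minimum length recommended in this article
SPECIALS = "!@#$%^&*-_=+?"           # assumed set of special characters
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS]
ALPHABET = "".join(CLASSES)

def weaknesses(password):
    """Return the reasons a password fails the rule above (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if all(c.isalnum() for c in password):
        problems.append("no special character")
    return problems

def generate_password(length=MIN_LENGTH):
    """Generate a random password that always passes weaknesses()."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    # One character from each class first, so no class can be missing.
    chars = [secrets.choice(group) for group in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    # Shuffle with the OS random source so the forced characters are not
    # always in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def random_bits(length):
    """Upper bound on the guessing work, in bits, for a random password."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    pw = generate_password()
    print(pw, weaknesses(pw), f"~{random_bits(len(pw)):.0f} bits")
```

The bit estimate only holds for randomly generated passwords; a 14-character password built from a name and a year is far easier to guess than its length suggests.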
6. Keep your computer clean
There are times when hackers use viruses to infect your local computer and then scan it for open FTP connections.
Once you connect to your website via FTP, they will use that connection to upload malicious content on your website without you ever knowing.
This is why it’s really important to keep your computer clean and use antivirus software that scans your computer in real time to avoid getting it infected.
Action tip: If your computer needs an antivirus, download a free one or buy a paid version. Scan your computer and schedule regular scans.
7. Use sFTP to transfer files
A regular FTP connection sends passwords and sensitive data in plain text, and if someone uses special programs to scan your connection, they can read your data.
You can avoid this by using an sFTP connection, which most hosting companies provide but few users actually use.
The sFTP connection creates a secure tunnel between your computer and the server so no one can access your information.
This way, the username and password sent to the server to log in, and any other sensitive information you upload, will be protected from those who try to access that data.
Action tip: Send an email to your host and ask them to provide you more details about what you can do to use an sFTP connection.
Back to you
Do you think that your WordPress site is secure? Think again!
Make sure that you implement everything you learned above right away to avoid losing precious data from your website.
In case you have questions or need help with any of the above leave a comment below.
Or if you have any other tips that you would like to share with us, please use the same comments box.