The last thing you want to find when logging into your WordPress site is that it has been hacked. Whether you can no longer log in, a virus has been installed, or your data has been deleted, it can make for a pretty bad day.
There are a few simple steps that everyone should take to increase security. These 5 steps shouldn’t take more than 30 minutes to implement (although switching web hosts could take some additional time, if needed).
30 minutes to avoid a hacked site? #worthit
Secure Username And Password
We’ll start with the password because we’ve aaaaaaall heard it before.
Use a secure password!
It should contain uppercase letters, lowercase letters, numbers, and symbols. Ideally it shouldn’t be a word that is human readable. To generate a strong password that you don’t need to worry about remembering, I suggest using LastPass. I’ve only been using it for a month or two now, but I love it. Not even I know my passwords! (Which is not as scary as it sounds.)
Now for the username. Did you know that you should not, under any circumstances, have “admin” as a username?
This used to be WordPress’s default, so don’t feel bad if it’s one of your usernames. But if it is I seriously want you to stop reading this post and change your username right now.
The Wordfence Security plugin sends me weekly reports containing failed login attempts. 100% of those failed attempts (other than my own) are trying to get in with a username of “admin”. Scary!
Use A Good Web Host
In the case of web hosts, cheaper is not better. Web hosts have a big part to play in the security of your site. If your host’s data isn’t secure neither is yours!
I’ve used several different hosting companies and my favorite is by far BlueHost. Their security is great, everything is nice and easy to use, and the one time I had to contact customer service was super quick and easy. (Update: I no longer use or recommend Bluehost. Siteground will give you much better support and website performance as well as far less downtime.)
Having a good plugin that protects your site from hacks, malware, and more is also important. There are many options available.
For my own site, I use Wordfence. I’ve also used CloudFlare in the past.
CloudFlare isn’t exactly a plugin, but it blocks attacks and helps to increase the speed of your site.
When you see those little red numbers next to your Plugins or Updates menu items, it’s important to click through and complete those updates.
Vulnerabilities in themes and plugins are often the main reasons for an update. It’s important that you get those improvements as soon as possible.
Last, but certainly not least, backup your site regularly.
There are many ways to do this through your host, plugins, or manual backups. Whichever way you choose, be sure that you’re backing up regularly and that your backups are actually working.
That way, if something were to happen to your site not all would be lost. With a little work, you’d be able to regain control of your site and get a recent version back up and running in no time.
What Are Your Tips?
What tips do you have for keeping your site secure?
For more in-depth approaches, take a look at the WordPress Codex.