WordPress security shouldn’t be mystifying or hard to implement. It’s pretty simple to keep your website safe and prevent hackers from destroying all your hard work.
Keep reading to learn 5 simple tricks to safeguard your WordPress website, password, login area and more.
Install a security plugin
My security plugin of choice iThemes Security. It does a great job of covering all the bases and can be setup in just a minute or two with their easy wizard.
Right away you’ll get brute-force protection, strong password reinforcement, and the ability to ban IP addresses from your website. You also have the ability to turn on SSL site-wide (don’t do this unless you have an SSL certificate installed!) and other advanced features.
I do recommend using the Hide Backend feature for extra protection, which I’ll get to right soon.
Wordfence is probably the most popular security plugin available. It includes features like a firewall, malware scan, live traffic, and login security and has over 22 million downloads.
Since I’ve always been happy with iThemes Security, I’ve never bothered to use WordFence but I hear wonderful things about it. Plus it has great reviews on WordPress which I consider one of the most important things when looking at a new plugin.
WordFence has a great wizard to get you started but I have noticed one feature that is missing: the ability to hide your login area.
Hide your login area
This one is so simple yet really powerful! Because the login area is most often /wp-admin on WordPress sites, hackers and bots can find the login form without any problem. But if you change the name of that area then they’ll get a 404 error.
If you install a security plugin and notice you keep getting a lot of blocked login attempts then it’s time to hide your login area.
Depending on the plugin you chose, you may already have this feature. If not, don’t fret! Use the plugin WPS Hide Login to change your login url to anything you want.
Try to make it hard to guess and don’t make it obvious. But make sure you can remember it or you won’t be able to login. So bookmark it!
Change your password (and make it secure)
Not only should you completely change your password occasionally, you should make sure it is very secure. Don’t use your birthday, your dogs name, your blog’s name, or something simple with 123 tacked on the end.
Instead of trying to think up something bizarre, just use a password generator to create something that will be nearly impossible to guess. You probably won’t be able to remember it either though so write it down or save it somewhere.
Don’t be admin
A common mistake that I see is having an “admin” user on your WordPress site. I’m not talking about an administrator role, but your actual username. I don’t think it’s still the case but WordPress used to make the creator of the site “admin”.
Hackers can take advantage of this knowledge and brute-force your password. If you’re using admin as your username then you’ve already did half of the work for them! If you don’t know how (or can’t) change your admin username, check out the tutorial below:
That being said, you also shouldn’t make your username anything that can be easily guessed. This includes your blog name, business name, or even your own name.
Update your stuff (like all the time)
This one might be like a no-brainer or maybe you’re one of those people with 18 updates on your dashboard. Hint – don’t be one of those people!
Outdated WordPress files, plugins, and themes can contain security exploits and back doors that allow hackers, spammers, and malware right into your website and files. This is probably the biggest culprit for hacked websites.
Yup, something as quick and simple as updating your plugins can cause the demise of your entire site. Take the 60 seconds once a week to update everything or get a maintenance plan so you never have to worry about this sort of stuff.
I should also stress that you should run a backup on your website before you do any big updates. And if you haven’t updated your stuff in a long time then most certainly backup your stuff first.
If you want more security tips plus ways to speed up, optimize, and backup your WordPress website then get my ebook: Uplevel Your WordPress.
What ways are you going to secure your website? Or what have you been doing to keep it safe? Let me know in the comments!