It’s ironic that securing a WordPress website is called “hardening.” The process is a bit like adding more stones and rocks to bolster a fortress. But, remembering all the details of WordPress security is so much “harder” (and so much more important to keeping hackers away) than a rock wall!
Sure, you could stick your head in the ground like an ostrich and make-believe that small business owners aren’t worth hacking. However, as we mentioned in a previous post, we live “…in the age of big box security leaks, NSA snooping, easily lost mobile devices chock full of personal data and hackers that are increasingly targeting smaller targets.” And since WordPress is pretty soft on defense, it’s seriously important to step up and combat the attacks.
That’s why it’s worth repeatedly telling you how to best protect your WordPress site, especially when these 8 simple steps can help even the most technically challenged secure their website.
- Keep WordPress, plugins and themes up-to-date
It’s amazing that something so simple can have such a big impact on site security. Whenever you log in to the dashboard and see that “update available” banner, click it and update your site. If you’re worried about something getting screwed up, just make a backup before installing the update. The important thing is that you do updates regularly. And be sure to update plugins and themes, too, since each is like a “back door” to get into your site and your personal information. Bonus tip: Only download plugins and themes from reliable sources and delete any you are not using.
- Limit users…and be careful with usernames and passwords
You can give anyone you want access to your site, but you shouldn’t. Every person who has access is another weak point in your chain of defense, so the only people who should be given access to your site are the people who actually need it in order to accomplish something. Also make sure that when assigning users their usernames, you don’t use anything obvious. DO NOT make “admin” your administrative username, or anything else that resembles your name or the name of your business…and establish strong (hard to guess) passwords. Bonus tip: You might even want to create a two-step authentication process. This means a password is required plus an authorization code that is sent to your phone in order to log in to your site (there are plugins for that, too).
- Use a security plugin and a firewall
WordPress itself isn’t too secure. That is why there are tons of security plugins available for WordPress. Our favorite security plugin is iThemes Security. In fact, we recently posted a blog on why we love it. For the ultimate protection, you also need a firewall between the internet and your server, such as the one from Sucuri.
- Hide author usernames
According to DreamHost, it’s a good idea to hide the author’s username to ensure you aren’t making the hacker’s job easier. If WordPress defaults are left intact, it’s really easy to find out each author’s username for your site. And since more often than not the main author of a site is also the administrator, it’s also easy to find out the admin’s username (which isn’t good!). Anytime you’re giving away info to hackers, you run the risk of seeing your site compromised.
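If you have shell access, the username advice in the “Limit users” and “Hide author usernames” tips can be checked with a short script. This is an added example, not part of the original post: it reads the JSON that WP-CLI’s `wp user list --fields=user_login,display_name,roles --format=json` prints. The sample accounts, the site name “Acme Bakery,” the list of obvious logins and the two-administrator threshold are constructed assumptions.

```python
import json

# Constructed sample (not real accounts), shaped like the output of:
#   wp user list --fields=user_login,display_name,roles --format=json
SAMPLE_USERS = json.loads("""[
  {"user_login": "admin",      "display_name": "Site Admin", "roles": "administrator"},
  {"user_login": "acmebakery", "display_name": "Jo Baker",   "roles": "administrator"},
  {"user_login": "k7-quill",   "display_name": "k7-quill",   "roles": "author"},
  {"user_login": "r4-ledger",  "display_name": "Sam Reyes",  "roles": "editor"},
  {"user_login": "old-intern", "display_name": "Pat Lee",    "roles": "administrator"}
]""")

# Assumed list of guessable logins; extend it for your own site.
OBVIOUS = {"admin", "administrator", "root", "webmaster", "test"}

def _norm(text):
    """Lower-case and drop everything except letters and digits."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def _resembles(a, b):
    """True when one normalised string contains the other (min. 4 chars)."""
    return min(len(a), len(b)) >= 4 and (a in b or b in a)

def audit_users(users, site_name, max_admins=2):
    """Return (login, finding) pairs for the username tips in this post."""
    findings, admins = [], []
    site = _norm(site_name)
    for user in users:
        login = user["user_login"]
        key, shown = _norm(login), _norm(user["display_name"])
        roles = [r.strip() for r in user["roles"].split(",")]
        if "administrator" in roles:
            admins.append(login)
            if key in OBVIOUS:
                findings.append((login, "obvious-admin-username"))
            elif _resembles(key, site) or _resembles(key, shown):
                findings.append((login, "admin-username-resembles-name"))
        # A byline that equals the login hands the username to every visitor.
        if key and key == shown:
            findings.append((login, "display-name-reveals-login"))
    # max_admins is an assumed threshold for "only the people who need it".
    if len(admins) > max_admins:
        findings.append((",".join(admins), "too-many-administrators"))
    return findings

if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_USERS, "Acme Bakery"):
        print(f"{finding}: {login}")
```

Any account the script flags can be fixed from the Users screen in the dashboard: set a display name that differs from the login, and replace guessable administrator logins with new accounts.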
- Select a top-notch web host with top-notch security
Hands down, this is one of the best security measures you can take. WordPress has said that nearly half of all site hacks occur through the vulnerability of a host. Once you’ve engaged said host, always use strong passwords for your accounts and databases. If you’re not using a password manager to keep track of and generate your passwords, you should be.
- Keep your computer up-to-date
Vulnerabilities on your computer (and your users’ computers) can sometimes lead to hacks (something many of us forget). When software patches are released, install them and remind users to do the same. When a new operating system is released, do your best to upgrade as soon as possible. Also make sure you use a reliable firewall and anti-virus software…and check for and promptly eliminate malware.
- Keep your site spotlessly clean
You wouldn’t leave dirty dishes and flatware sitting in stale water for three days in your kitchen sink, would you? Of course not. It would be a breeding ground for filth and muck. Every few months, follow our “Spring Cleaning Tips for Your WordPress Website,” like you would your kitchen. It will keep you safe.
- Take WordPress security seriously…and get a little added help
Want to make sure that your website is as secure (“hardened”) as possible? Turn to the WordPress security experts at Solamar. We’ll help bolster your fortress and strengthen your defenses in no time!