It seems you hear about someone’s site being hacked just about every day. In many cases, the business owner could have taken one or two steps to prevent the invasion. While hackers will continue to devise methods to infiltrate blogs and websites, the following tried-and-true WordPress security points will help keep your WordPress site safe.

WordPress Security Steps You Can Take

  1. Have you removed telltale signs that give hackers a clue about your site, including:
    • removing the WordPress version from the website’s header?
    • removing the "admin" user name and replacing it with a unique user name and password?
    • removing the login link from your theme?
       
  2. Have you secured your login and installed plug-ins and systems that do one or more of the following:
    • limit the number of login attempts an IP address can use within a specific time frame?
    • add two-factor authentication, which will require you to enter an additional code to log in?
    • rename the “wp-login.php” file to something else so hackers cannot know the correct login URL?
       
  3. Have you added SSL for WordPress Admin?
     
    (Note: You will likely need to contact your web host to have them implement Secure Sockets Layer (SSL) for your WordPress Admin area.)
     
  4. Have you established systems to:
    • scan your site regularly for viruses and malware?
    • update plug-ins and WordPress software regularly?
    • schedule back-ups of your WordPress site periodically?
       
  5. Have you created a strong password to log into your site? Does it include upper and lower case letters, numbers and special characters? Your password should have nothing to do with you or your personal life so it cannot be guessed. And do you have a system to change it at least once every 90 days?
     
  6. Do you utilize reputable and trustworthy providers including:
    • website designers/developers?
    • WordPress theme developers?
    • ghost/guest bloggers?
    • virtual assistants?
       

    And is each provider given a unique username and password? Is administrative login information changed after business with the provider(s) is concluded?

  7. Have you changed the default table prefix in the WordPress database, or had it changed for you, so that hackers cannot easily access your database?
     
    (Note: For a new WordPress installation, you can change the table prefix in the "wp-config.php" file before installing WordPress. If you have WordPress installed already, visit WordPress.org for instructions.)
     
  8. Have you uninstalled and/or removed any and all unnecessary themes, plug-ins, and users?
     
  9. Have you employed the services of a reputable host with demonstrated security practices and systems in place and a reputation for secure hosting?
     
  10. Have you created systems to ensure your back-up system is working effectively and efficiently?
     
    (Note: Remember, backing up your WordPress site isn’t a "set it and forget it" event. Create a system to regularly check to make sure your blog/site is backing up effectively.)
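
A few of these checks can be automated. The script below is an added example, not part of the original checklist: it flags the exposed version tag and theme login link from step 1, a missing SSL setting for the admin area from step 3, and the default table prefix from step 7. The function names and sample inputs are constructed for illustration; `FORCE_SSL_ADMIN` and `$table_prefix` are the standard WordPress settings in "wp-config.php".

```python
import re

# Constructed sample inputs (not taken from a real site).
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
$table_prefix = 'wp_';
// define( 'FORCE_SSL_ADMIN', true );
"""
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.0" />
</head><body><a href="/wp-login.php">Log in</a></body></html>"""

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments so disabled settings don't count."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)^\s*(//|#).*$", "", src)

def audit_wp_config(src):
    """Return checklist findings for the text of a wp-config.php file."""
    code = strip_php_comments(src)
    findings = []
    prefix = re.search(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""", code)
    if prefix is None:
        findings.append("item 7: $table_prefix not found")
    elif prefix.group(1) == "wp_":
        findings.append("item 7: default table prefix 'wp_' in use")
    ssl = re.search(r"""define\(\s*['"]FORCE_SSL_ADMIN['"]\s*,\s*(\w+)\s*\)""", code)
    if ssl is None or ssl.group(1).lower() != "true":
        findings.append("item 3: FORCE_SSL_ADMIN is not enabled")
    return findings

def audit_html(html):
    """Return checklist findings for the HTML of a rendered page."""
    findings = []
    gen = re.search(
        r"""<meta[^>]+name=["']generator["'][^>]+content=["']WordPress\s*([\d.]*)""",
        html, re.I)
    if gen:
        version = gen.group(1) or "(unspecified)"
        findings.append(f"item 1: generator tag exposes WordPress version {version}")
    if re.search(r"""href=["'][^"']*wp-login\.php""", html, re.I):
        findings.append("item 1: theme links to wp-login.php")
    return findings

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_CONFIG) + audit_html(SAMPLE_HTML):
        print(finding)
```

Run it against a copy of your own "wp-config.php" and the saved HTML of your home page; an empty result means none of these three items was flagged, not that the site is secure.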

No blog or website is impervious to hackers. However, when you take these ten WordPress security steps to protect your site, you will be drastically reducing your odds of trouble. It is well worth the time and effort up front to protect your business down the road. An ongoing program of security practices takes it one step further.
