When it comes to website security the last thing you want is to wake up and find out that someone hacked your website. We understand that website security can be a scary subject and that you want to do everything you can to prevent a hack from happening. It’s important to know that nothing is completely foolproof but you can rest assured that by implementing these practices you are taking many preventive proactive steps to ensure a secure website.
Tip 1: Implement login security
The first thing to do is to implement login security. Start by setting up two factor authentication. This means that you will need to provide a secondary access step that only you can access, such as a text to your phone.
Make sure to limit the number of administrator users that you have and be sure to set up users only with the permissions they need. If you’re unfamiliar with this concept you can learn more about WordPress roles. Fewer administrator accounts means a lower likelihood that hackers will be able to find your administrator usernames and passwords.
You should also make sure that you have strong passwords in place. WordPress can suggest complex passwords for you. If you’re choosing your own password make sure that you are using a combination of uppercase and lowercase letters, as well as numbers and symbols.
Tip 2: Set up a reliable backup system
Make sure that you have a reliable backup system in place. This means that if someone does hack your website you can easily and quickly restore your site to a previous backup, preferably from the day before. You can set up backups through a plugin like Updraft or potentially through your website host. Note that Simpler Site performs this task daily for all clients who have an ongoing website management plan.
Tip 3: Keep your WordPress core, theme & plug-in files updated
Keeping WordPress core, theme, and plugin files regularly updated greatly boosts your website security. Because WordPress is the most widely used content management system in the world, there are also lots of people who are trying to find its vulnerabilities that can be hacked. To address this, WordPress core, theme, and plugin authors regularly publish updates to their code to provide important security patches for vulnerabilities.
Similarly, make sure that your website doesn’t have themes or plugins that are not in use if you don’t need a theme or a plugin delete it from your website to remove the possibility of it being hacked. If you need help updating your core theme or plug-in files please contact us. Again, all websites that have maintenance through Simpler Site have this taken care of weekly.
Tip 4: Set up a security plugin
By setting up a security plugin you can boost your website’s security. For example, you can limit login attempts so that if someone uses an incorrect username/password too many times they are locked out from logging in. Your security plugin can also set up a firewall and audit your website for malicious code on a regular basis. There are several security plugin options, a few reputable ones include Wordfence, Sucuri, and All in One WP Security. If you’d like more information about which plugin is the best choice for your setup WPBeginner wrote a great blog post comparing these plugins.
Tip 5: Use a reliable and secure web host
Be sure to use a reliable and secure web host. Your web hosting provider should provide a free SSL certificate and automatic backups. We’ve chosen to partner with WPEngine which also provides additional security features by locking down websites with managed WordPress updates, vulnerability scanning, 2FA, DDoS mitigation, automatic threat detection and blocking. We’re happy to work with WPEngine on your behalf, or if you prefer to manage your own hosting plan you can use this code to receive three months of WPEngine hosting for free.