We may not like to admit it, but security can commonly take a back seat when it comes to your WordPress site. WordPress is used by 27.5% (and growing) of all websites out there, so it is not surprising that WordPress sites are a popular target for attackers.
Don’t lose heart though, there are a number of simple and straightforward steps that you can take today to improve the security of your WordPress site. I’m not advising that you take action on every single one of these items, but consider doing what you can and what is most suitable for you and your WordPress website.
Choose a trusted and reliable hosting provider
This is something that you can and should consider before ever putting your website up online. Spend some time reviewing a number of different hosting providers to compare the features of each. Consider the functionality that you require for your site and choose the hosting provider that matches.
I personally use Hosting Ireland and have done for the last number of years with no issues. There are a number of choices out there to look at. BlueHost is another popular hosting provider which is recommended by businesses like Lynda.com.
Change the database prefix
You may or may not know that WordPress stores its content in a database. The table prefix used by default in WordPress installations is wp_. Because this default is common knowledge, an attacker who finds a SQL injection flaw can guess your table names and use them to exploit the database, and in turn your entire site.
A good way to prevent against this type of attack is to use a different database prefix. This is something to consider during the installation of your website.
This is also something that you should think about if you have an existing site. The second scenario, as you can imagine, requires a little more work than the first, but I have found a great step-by-step article on how to do this at WPBeginner.com which you can check out here: How to Change the WordPress Database Prefix to Improve Security
Keep plugins, themes and WordPress up to date
This is the simplest thing you can do to ensure your WordPress website remains secure. As security flaws or other issues become noted by developers, they are fixed with updates to plugins and themes. This is why it is important to ensure everything is up to date.
The WordPress dashboard will display updates to WordPress, themes and plugins as they become available which you can then update with ease.
If you are not logging into your WordPress site everyday, or if you have a number of sites to maintain, this can become a little more difficult to stay on top of.
With this in mind, a useful plugin I came across was WP Updates Notifier. This WordPress plugin sends an email when updates are available.
Only install trusted plugins and themes
This is another simple step you can take to ensure your site is secure. Be sure to use trusted plugins, ideally just those from WordPress.org/plugins.
Choosing a plugin or theme:
- Read the reviews to see the positives and negatives.
- Choose plugins and themes with a good star rating.
- Review the support page to ensure that the customer support is effective and up to date.
- Review the development page to ensure the plugin/theme is kept up to date and to check the supported WordPress version.
- If you change your mind on using a plugin, be sure to uninstall it.
Backup your site
Should the worst happen, it is super important to have a reliable backup system in place to allow you to restore your site quickly. There are a lot of options out there to facilitate this, most of which being in the form of plugins. In other cases your hosting package may include a backup option.
One plugin option allows you to back up and restore to Dropbox: Dropbox Backup
UpdraftPlus WordPress Backup Plugin is another plugin that is useful for backup and restore functionality.
As mentioned previously, do some research and find the most suitable backup plugin for you.
Use strong passwords and change them regularly
This sounds too simple but having a strong password can be so important. Make use of a random password generator to generate strong passwords and change them frequently. If you are concerned with maintaining a number of complex passwords, it can help to make use of a password manager application.
Enable two-factor authentication
It is possible that even the most secure password around can be cracked. Two-factor authentication adds another layer of security to your site and can be achieved with any number of plugins. The Google Authenticator plugin can be used to enable this.
Limit login attempts
Limiting the number of login attempts a user can make on your site will help to defend against brute force attacks. WP Limit Login Attempts is a useful plugin for this task that I have used previously.
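To show what a login limiter actually does behind the scenes, here is a small must-use plugin written for this post as an added example; it is not the code of WP Limit Login Attempts or of any other plugin named above, and the threshold, time window and transient key names are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Example Login Throttle (added example, hypothetical mu-plugin)
 * Drop into wp-content/mu-plugins/ to activate. Counts failed logins per
 * client address and refuses further attempts once a threshold is hit.
 */

// Assumed limits: 5 failed attempts per address within a 15 minute window.
define( 'ELT_MAX_ATTEMPTS', 5 );
define( 'ELT_WINDOW', 15 * MINUTE_IN_SECONDS );

// Transient key derived from the client address. Uses REMOTE_ADDR only;
// behind a reverse proxy, have the web server set REMOTE_ADDR correctly
// rather than trusting client-supplied headers such as X-Forwarded-For.
function elt_client_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'elt_fail_' . md5( $ip );
}

// Each failed login increments the counter and restarts the window.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = elt_client_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, ELT_WINDOW );
} );

// A successful login clears the counter for that address.
add_action( 'wp_login', function ( $user_login, $user ) {
    delete_transient( elt_client_key() );
}, 10, 2 );

// Priority 30 runs after core's own credential checks (priority 20), so the
// lockout error replaces the result even when the password was correct.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( elt_client_key() ) >= ELT_MAX_ATTEMPTS ) {
        return new WP_Error(
            'too_many_attempts',
            __( 'Too many failed login attempts. Please try again later.' )
        );
    }
    return $user;
}, 30, 3 );
```

Because the counter lives in a transient, the lockout expires on its own after the window passes and needs no cron job or extra database table.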
Log out idle users
Logging out idle users can remove the threat of unwanted account hijacking. The Idle User Logout plugin allows you to log users out after a specified period of inactivity.
Additional links to some interesting articles:
- Two Step Authentication
- How to create a custom login page for WordPress
- HTTP to HTTPS