Keeping Your WordPress Website Secure
Millions of cyber attacks are launched against U.S.-based companies, non-profits and military organizations every day.
It’s not just big businesses that need to be concerned about cyber security. Attacks on small businesses are becoming common. In fact, according to a 2013 National Small Business Survey, about 44% of small businesses have been attacked and approximately 75% of the victims are completely unaware of the breach.
Although advanced maintenance and security packages are available at firms like ours, the following are some important security precautions every website owner should take:
1.) Delete out-of-date/unused plugins.
Although plugins can offer tremendous benefits to a website, they can also create security threats. The threat is even greater if the plugin is no longer being updated or maintained. It is important to evaluate the necessity of each plugin on a regular basis. Remove any plugins that are no longer supported or are no longer needed on the website.
2.) Use a security plugin.
It is important to be selective with any plugin you install on your website, and especially so with security plugins, which can make significant changes to your database and other site files that affect how the website functions. Review each option carefully and back up all website files before installing any security plugin.
That being said, here are a few security plugins we recommend*:
- iThemes Security: Formerly known as Better WP Security, this plugin is now maintained and supported by iThemes. It offers one of the best all in one security solutions available in a free and pro version.
- Wordfence: Another excellent all in one security plugin option for WordPress websites. It has over 4 million downloads and a nearly perfect user rating of 4.9 out of 5 stars.
- BulletProof Security: Another popular all in one option with about 1.5 million downloads. It offers both a free and a pro version and boasts an impressive user rating of 4.8 out of 5 stars.
If your website has been the victim of an attack, Sucuri is one of the most trusted names in malware removal.
3.) Use a unique username.
Don’t use the “admin” username. It is the most common username for WordPress websites and hackers exploit this fact for brute force attacks.
4.) Change up the password.
Weak passwords make websites vulnerable to brute force and other forms of attacks.
- Passwords should be changed frequently.
- The passwords you use should include letters, numbers, mixed case, punctuation and be at least 8 characters. It helps to use a random password generator.
- Force users on the WordPress site to use strong passwords.
- Never reuse a password; make each one unique for each website.
- Consider using a password manager such as Lastpass, 1Password, DashLane or RoboForm.
For more advice on passwords, check out WordPress’ guide to passwords.
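The username and password rules in steps 3 and 4 can be checked mechanically. The following is an added example, not code from the original article: it generates a random password that meets the stated rules and audits a list of accounts for the "admin" username, weak passwords and reuse across sites. The function names, the default length of 20 and the sample accounts are assumptions made for illustration.

```python
import secrets
import string

# Character classes and minimum length taken from the article's password advice.
CLASSES = {"lowercase letter": string.ascii_lowercase,
           "uppercase letter": string.ascii_uppercase,
           "digit": string.digits, "punctuation": string.punctuation}
MIN_LENGTH = 8

def policy_failures(password):
    """Return the rules this password breaks; an empty list means it passes."""
    failures = [f"missing {name}" for name, chars in CLASSES.items()
                if not any(c in chars for c in password)]
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    return failures

def generate_password(length=20):
    """Draw from the OS CSPRNG until the candidate satisfies every rule."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:  # rejection sampling: no position is pinned to one class
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate):
            return candidate

def audit_accounts(accounts):
    """Map (site, username) to findings for (site, username, password) rows."""
    sites_by_password = {}
    for site, _user, password in accounts:
        sites_by_password.setdefault(password, set()).add(site)
    report = {}
    for site, user, password in accounts:
        findings = policy_failures(password)
        if user.lower() == "admin":
            findings.append('default "admin" username')
        if len(sites_by_password[password]) > 1:
            findings.append("password reused on another site")
        if findings:
            report[(site, user)] = findings
    return report

# Constructed sample inventory, not real credentials.
SAMPLE = [
    ("shop.example", "admin", "Summer2015"),
    ("blog.example", "jsmith", "Summer2015"),
    ("news.example", "editor7", "t9#Vq!m2Lx@4"),
]
print(audit_accounts(SAMPLE))
```

Accounts that pass every check are left out of the report, so an empty result means nothing needs fixing.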
5.) Backup the website.
Although a backup will not help you prevent a security threat, it will be a life saver if your website is hacked. The following are some recommended backup plugins*:
- VaultPress: Brought to you by Matt Mullenweg (co-founder of WordPress), VaultPress is a subscription based service with a few different pricing options.
- UpdraftPlus: With over 1.6 million downloads and a user rating of 4.8 stars out of 5, UpdraftPlus is one of the most popular and highest rated backup plugins for WordPress.
- BackupBuddy: Another plugin brought to you by the folks at iThemes, BackupBuddy is a paid WordPress backup plugin.
6.) Keep your website up to date.
In 2012, more than 117,000 WordPress installations were hacked. According to a survey conducted by WP White Security, vulnerable, outdated versions of WordPress are one major source. Less than 20% of the websites analyzed were running the most current version of WordPress.
WordPress itself isn’t the only thing to keep up to date. Themes and plugins are just as important to maintain. A recent survey found the following:
- 29% were hacked via a security issue in the WordPress Theme they were using
- 22% were hacked via a security issue in the WordPress Plugins they were using
7.) Enable Two Step Authentication
Enabling two-factor authentication can significantly improve the overall security of any WordPress website. Two-factor authentication is a method of securing accounts by requiring that you not only know a password, but that you also possess something like a mobile device. Once a password has been entered, a code is sent to a mobile device that must also be entered. The benefit of two-factor authentication is that even if a password can be guessed, the hacker would also need to have stolen the mobile device.
*This represents a third-party product or service. Ready to Run Designs makes no claims or warranties for this product or service.