17th February 2017
Now powering almost 27% of sites on the web, WordPress is the most used content management system to date. As a result of its success and popularity, hackers have a substantial interest in finding holes in the WP platform to cause damage.
That is why we have listed a few tips to keep your WordPress website running smoothly.
We’ve started with the most obvious – always use a strong username and password for every user to keep outsiders from guessing them. We’re still seeing clients use ‘password’ for their passwords (no really) and it’s one big invite for intruders. Never use ‘admin’ for your username either. It’s a good idea to use the ‘password generator’ option – its suggestions may look a little crazy but you’ll know they’re secure. Changing them frequently will also help.
When adding a user to the admin panel, think carefully about the level of role they should have.
- Super Admin – somebody with access to the site network administration features and all other features.
- Administrator – somebody who has access to all the administration features within a single site.
- Editor – somebody who can publish and manage posts including the posts of other users.
- Author – somebody who can publish and manage their own posts.
- Contributor – somebody who can write and manage their own posts but cannot publish them.
- Subscriber – somebody who can only manage their profile.
Every WordPress site comes with a default login URL:
Hackers will know this so they’ll be able to bring up your login form effortlessly. Therefore, it’s best you change it to something different. There are a few plugins that can help you do this. One is WPS Hide Login, which allows you to change the URL to anything you want. You can read more about this plugin on the directory page here.
As soon as you see on your dashboard that there’s a new version of WordPress – click and get installing. It only takes a couple of minutes. WordPress may have bumped up their security or patched up holes where hackers could gain entry. If you just leave it, your site is more vulnerable to attacks.
Always update plugins and themes as soon as you notice that updates are available. Authors will occasionally release new versions of their work to enhance security or add new features. If you leave them sitting, this gives hackers a chance to work their way into your site through the old plugin files. If you notice that there’s not been a new update for a plugin on your site in a long time then it’s worth considering an alternative plugin. This works in the exact same way for themes.
A simple one. If you have activated plugins that are not in use then there’s no point in having them there. Hackers will get to them so delete delete delete!
By default, admin users can edit theme files by using the ‘editor’ section. To disable it, you can simply add this piece of code to your wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );
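An added example (not from the original post): a Python check that reads the text of a wp-config.php and confirms the DISALLOW_FILE_EDIT line is really active, catching a commented-out define, a value other than true, or a define placed after wp-settings.php is loaded. The function name `audit_file_edit` and the sample config are constructed for illustration.

```python
import re

# Strings are matched first so that '#', '//' or '/*' inside a salt or URL
# is not mistaken for the start of a PHP comment.
TOKEN_RE = re.compile(
    r"""(?P<str>'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""",
    re.DOTALL)
DEFINE_RE = re.compile(
    r"""define\s*\(\s*(['"])(?P<name>\w+)\1\s*,\s*(?P<value>[^)]*?)\s*\)\s*;""",
    re.IGNORECASE)
# wp-config-sample.php asks for custom values above the line that loads
# wp-settings.php; a define placed after it runs only once WordPress has loaded.
SETTINGS_RE = re.compile(r"require(?:_once)?\b[^;]*wp-settings\.php", re.IGNORECASE)


def audit_file_edit(config_text):
    """Return (ok, reason) for DISALLOW_FILE_EDIT in the text of a wp-config.php."""
    # Drop comments but keep string literals untouched.
    code = TOKEN_RE.sub(lambda m: m.group("str") or " ", config_text)
    settings = SETTINGS_RE.search(code)
    cutoff = settings.start() if settings else len(code)
    for m in DEFINE_RE.finditer(code):
        if m.group("name") != "DISALLOW_FILE_EDIT":
            continue
        # PHP keeps the first definition of a constant, so judge only that one.
        if m.start() > cutoff:
            return False, "defined after wp-settings.php is loaded"
        if m.group("value").lower() != "true":
            return False, "value is not the literal true"
        return True, "dashboard file editor disabled"
    return False, "not defined"


# Constructed sample: the only define is commented out, and a salt contains '#'.
SAMPLE = """<?php
define( 'AUTH_KEY', 'x#y/*z' );
// define( 'DISALLOW_FILE_EDIT', true );
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    print(audit_file_edit(SAMPLE))
```
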
Here are 3 security plugins we can suggest:
Sucuri is a free plugin which focuses on 7 key security features to strengthen your site against vulnerabilities and attacks.
iThemes claims to offer 30+ ways to protect your website from intruders. It’s an easy setup and will eliminate most threats. A good one to install.
WordFence limits login attempts and blocks IP addresses that are constantly trying to get in. It will also scan core files so that if a hacker has made any changes then you can repair them fairly easily. There’s a premium version you can purchase but the FREE package is just as good.