
The importance of website security

17th February 2017


Now powering almost 27% of sites on the web, WordPress is the most used content management system to date. As a result of its success and popularity, hackers have a substantial interest in finding holes in the WP platform to cause damage.

That is why we have listed a few tips to keep your WordPress website running smoothly.

Force strong usernames and passwords

We’ve started with the most obvious: always use a strong username and password for every user to keep outsiders from guessing them. We’re still seeing clients use ‘password’ for their passwords (no really) and it’s one big invite for intruders. Never use ‘admin’ for your username either. It’s a good idea to use the ‘password generator’ option. Its suggestions may look a little crazy but you’ll know they’re secure. Changing them frequently will also help.


Add users with care

When adding a user to the admin panel, think carefully about the level of role they should have.

  • Super Admin – somebody with access to the site network administration features and all other features.
  • Administrator – somebody who has access to all the administration features within a single site.
  • Editor – somebody who can publish and manage posts including the posts of other users.
  • Author – somebody who can publish and manage their own posts.
  • Contributor – somebody who can write and manage their own posts but cannot publish them.
  • Subscriber – somebody who can only manage their profile.

Source: wordpress.org

Change the login URL

Every WordPress site comes with default login URLs:

  • /wp-admin
  • /wp-login

Hackers know this, so they can bring up your login form effortlessly. It’s therefore best to change them to something different. A few plugins can help you do this. One is WPS Hide Login, which allows you to change the URL to anything you want. You can read more about this plugin on its plugin directory page.

Make sure you’re running the latest version of WordPress

As soon as you see on your dashboard that there’s a new version of WordPress, click and get installing. It only takes a couple of minutes. WordPress may have bumped up its security or patched holes where hackers could gain entry. If you just leave it, your site is more vulnerable to attacks.


Update plugins & themes

Always update plugins and themes as soon as you notice that updates are available. Authors will occasionally release new versions of their work to enhance security or add new features. If you leave the old versions sitting, this gives hackers a chance to work their way into your site through the old plugin files. If you notice that a plugin on your site has not had a new update in a long time, it’s worth considering an alternative plugin. This works in exactly the same way for themes.

Remove plugins that are not in use

A simple one. If you have activated plugins that are not in use then there’s no point in having them there. Hackers will get to them so delete delete delete!

Disable the file editor

By default, admin users can edit theme files from the dashboard by using the ‘editor’ section. To keep them out, you can simply add this line of code to your wp-config.php file.

define( 'DISALLOW_FILE_EDIT', true );

Install a security plugin

Here are 3 we can suggest:

Sucuri Security
Sucuri is a free plugin which focuses on 7 key features to strengthen your site against vulnerabilities and attacks.

  • Security Activity Audit Logging
  • File Integrity Monitoring
  • Remote Malware Scanning
  • Blacklist Monitoring
  • Effective Security Hardening
  • Post-Hack Security Actions
  • Security Notifications

View on Plugin Directory Page.

iThemes Security
iThemes claims to offer 30+ ways to protect your website from intruders. It’s an easy setup and will eliminate most threats. A good one to install.

View on Plugin Directory Page.

Wordfence
Wordfence limits login attempts and blocks IP addresses that are constantly trying to get in. It will also scan core files so that if a hacker has made any changes, you can repair them fairly easily. There’s a premium version you can purchase but the FREE package is just as good.

View on Plugin Directory Page.
