As you know, WordPress can be a very secure CMS, but because of its popularity it is also a target for hackers who are familiar with how it works and how to get through its many defenses. Luckily, securing your WordPress installation doesn’t have to be all that difficult, as long as you follow just a few simple steps. You can make your WordPress website iron-clad in no time at all.
Step 1: Use a Strong Password
This should be fairly obvious to most people, but I think it’s worth repeating. ALWAYS use a strong password in order to secure your WP site. So, what constitutes a strong password? There are a few key factors here. The first one, of course, is length. A 15-character password is A LOT stronger than a 5-character password. Aside from just length, it’s important to use a wide variety of different characters, including special characters (such as $, #, !, @, &, *, etc.). Also use a variety of letters and numbers to add a little bit of extra security. You can write your password down and keep it handy if it’s hard to remember, but a tough password will go far when it comes to keeping your site secure.
Step 2: Consistently Back Up Your Database and Media Files
This is a crucial aspect of getting your security in order. Sometimes, you might just get hacked, and there’s not a whole lot you can do about it, but, if that happens, then it’s good to know that you’ve got everything backed up. There are many great plugins which will allow you to easily back everything up, such as the popular WordPress Backup. If you back everything up, and something bad happens, then you can QUICKLY restore your site back to how it was at the moment of your last backup.
If you’re really serious about security, and consistently backing up your databases, you can go for VaultPress, which is within the WordPress Jetpack suite of tools. VaultPress will AUTOMATICALLY back up your database, images, etc., on a consistent basis, so no matter what happens, your site is always backed up, without you having to do anything. There are different packages which you can choose from, and there’s a monthly fee involved, but, again, if your backups are important to you, then VaultPress can make for a great solution, so I highly recommend it. As a side note, the Jetpack suite has a lot of great tools in it, and most of them are free as well.
Step 3: Keep Everything Up To Date
The third thing you can do to enhance your WordPress security is to make sure that everything’s consistently up to date. If you have things which aren’t up to date, it’s like a chink in your armor, which hackers can exploit to gain access to your website. So, what am I recommending you keep up to date? You obviously want to keep your WordPress installation itself up to date, but, aside from that, it’s also very important to keep your plugins up to date, as well as your theme. This isn’t particularly hard to do, as WordPress will alert you any time you have updates which you should take care of. If you’re logging into your dashboard consistently like I usually am, then this shouldn’t be a problem for you.
However, let’s say you want to have things updated automatically… you can do that too. There are some complex ways to do it, but the easiest way to go is to simply install a plugin which does all the work for you, such as “Automatic Plugin Updates”, which will automatically update your plugins for you any time any of them has an update available. Problem solved. Keep everything up to date, and hackers will usually go for an easier target.
Step 4: Use Some Good Security Plugins
One thing you can do too is to upload some good security plugins to your site. I mentioned VaultPress to you a moment ago, and that’s a great plugin for security, though there are really many great plugins out there that you can install. You don’t need hundreds, but a few good ones can really make a whole world of difference when it comes to preventing a hacker from accessing your site.
One thing a hacker may often try to do is gain access by using a bot program which guesses several random passwords until it gets the right one, and then it’s in. One way to prevent that is a plugin called “Limit Login Attempts”. This plugin makes it so that after someone has failed to get the right password several times, it locks everyone out so that no one can access the back-end, with or without the correct password. You can determine the number of login attempts to allow and how long you want it to lock up for, once it surpasses that limit.
Another excellent plugin you can use instead of (or in addition to) Limit Login Attempts is one called “Captcha on Login”, and I like this one as well. What it does is force you to enter a Captcha image every time you log in, which is something that bots have a very difficult time doing (especially if they have to do it several times over). These are very simple plugins, but both are lethally effective.
Bonus Tip: Be Careful Where You Log Into Your Dashboard
Last but certainly not least, you want to be wary of where you log into your WordPress Dashboard. As you may be aware, there are some places where logging in will simply compromise your security. For example, the local Starbucks might be a nice place to browse the web, but there could be someone in that location who could simply access your login information the moment you type it in. Your site may not be immediately attacked, but they could take note of your password and then log in later in order to wreak havoc.
So, just make sure to only log in to your Dashboard on your own private network, and this is an issue you’ll never have to worry about. If you want, there are portable wifi hotspots which you can get, which will allow you to log in from anywhere you can get connectivity, so that’s always an option as well, if you need to log in to your back-end while on the road a lot.
I hope that helps! Follow these simple tips, and rest assured that your site will be nearly hack-proof very soon.