WordPress software runs on over 40% of all websites. WordPress sites also make up the highest percentage of breached websites, so paying attention to your security is hugely important.
In this blog I will outline what you can do to up your security, by way of reducing risks and vulnerabilities, as well as some good habits to get into with your day-to-day upkeep of the site.
First, let’s talk backups. In the event of a website disaster that cannot be fixed, your website is only as good as your last backup. Therefore, it is key that both file and database backups are made often.
UpdraftPlus is the leading WordPress backup plugin and makes it simple to back up and restore. The free version allows you to perform full, manual, or scheduled backups of files, databases, plugins, and themes. It also allows for these backups to be saved to cloud storage such as Dropbox and Google Drive.
This plugin is a great place to start as it is easy to use and free! However, in addition to a reliable backup plugin such as UpdraftPlus, it is suggested that semi-regular backups of files and databases are made on the web hosting control panel. This will cover you in the event of the corruption of the WordPress cron system.
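A scheduled backup that depends on the WordPress cron system can stop silently, so it is worth checking from outside WordPress that a recent, restorable backup actually exists. The script below is an added example, not part of the original post or of UpdraftPlus; it assumes database backups are gzip files (`*.gz`) kept in a single directory, and the function name `check_backup`, the directory and the age limit are illustrative.

```shell
#!/bin/sh
# Added example: detect stale or corrupt database backups without relying on WP-Cron.
# Assumptions (not from the article): backups are gzip-compressed dumps (*.gz)
# in one directory; the caller supplies the directory and the maximum age.

# check_backup DIR MAX_AGE_MINUTES
# Returns 0 = newest backup is fresh and intact
#         1 = newest backup is older than MAX_AGE_MINUTES
#         2 = newest backup fails the gzip integrity test
#         3 = no backup found at all
check_backup() {
    dir=$1
    max_age_min=$2

    # Newest *.gz by modification time (ls -t lists newest first).
    newest=$(ls -t "$dir"/*.gz 2>/dev/null | head -n 1)
    if [ -z "$newest" ]; then
        echo "FAIL: no backups found in $dir"
        return 3
    fi

    # find prints the file only if it was modified inside the allowed window.
    if [ -z "$(find "$newest" -mmin "-$max_age_min" 2>/dev/null)" ]; then
        echo "FAIL: newest backup is older than $max_age_min minutes: $newest"
        return 1
    fi

    # A truncated upload or a full disk leaves a file that exists but cannot be restored.
    if ! gzip -t "$newest" 2>/dev/null; then
        echo "FAIL: newest backup is corrupt: $newest"
        return 2
    fi

    echo "OK: $newest"
    return 0
}

# Typical use from the server's own scheduler (path is a placeholder):
#   check_backup /path/to/backups 1440 || <send yourself an alert>
```

Run it from the hosting account's system cron rather than from WordPress, so the check keeps working when WordPress scheduling does not.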
Web Application Firewall (WAF)
A great way to protect your WordPress site is by using a Web Application Firewall (WAF). These firewalls protect your site from incoming traffic: they monitor the traffic and block it when a threat is detected. We recommend only using a DNS level website firewall as they have a great success rate detecting bad traffic and can even help to speed up your WordPress website.
Sucuri WAF offers a DNS level firewall, guaranteed malware removal and a great 24/7 security team. They are the leading website security company for WordPress and have helped to block countless attacks on WordPress.
Tidy your admin area
Keeping your WordPress backend tidy by removing unused plugins and themes is important to your WordPress security, as keeping outdated themes and plugins can be a way for hackers to gain access to your site.
To delete unused themes, go to Appearance -> Themes, select the theme and click Delete. Unused plugins must be deactivated before they can be deleted. Go to Plugins -> Installed Plugins, select Deactivate on the plugin you wish to delete, then select Delete under the plugin name.
Use Two-Factor Authentication at the login page
Two-factor authentication (2FA) gives an extra level of WordPress security to the login page, by allowing access to your admin area only once a unique code is given on top of the admin password. This means even if your login details are leaked others cannot gain access.
Viruses and Malware
You could have the most secure admin area of your WordPress site. But, if you have some nasty malware infecting your computer or mobile phone, a keylogger could be present. This means that whoever is monitoring that keylogger has access to every password you enter. Uploading a file to your WordPress site that has been infected by a virus could affect the whole server the site is on, as well as all the other sites on that server! That is why it is so important to have a secure computer when working on the backend of your WordPress site.
Using the best cybersecurity software you can afford is highly recommended. Having this software checking over your computer on a regular basis will keep it virus and malware free and help keep your mind at ease. Cybersecurity solutions that we recommend are Avast and Kaspersky.
Password protection can often be the weak link in website security. Having strong, unguessable passwords that are not used for multiple logins will go a long way in upping security and keeping you safe on the web. Using a password manager to aid you in this is great and there are many free options available, for example LastPass.
Protecting your WordPress Website
Following these steps is a great way to keep many sites secure and problem free. However, it is always important to be aware that although you may feel your site is not at high risk from attackers, there is nothing stopping them from trying to gain access. Therefore, it is extremely important to have every measure possible in place to stop them and options available if your site is breached. Remember: failing to plan is planning to fail.