A Beginner's Guide to WordPress Website Security

Setting up a WP Website Securely terryloving.com

The following 7 WordPress Website Tweaks are easy for you to check and fix to increase the security of your website.
If you need help or get stuck, do reach out!

Hackers are still at it, maybe even more than before, finding access through simple things. In this post, we’ll focus on a few of the easier tweaks that can affect the security, performance, and load time of your website.  

Depending on how your website was installed, some of the tweaks listed below may not have been done. It is not too late to check and clean things up where necessary. It is just good website management. I recommend you check or have your web person run a check to give you the peace of mind knowing you’ve done everything you can to keep your business protected.

Hacks are being attempted constantly. Making sure your site is optimized for security (as well as speed) is always a priority to keep in mind. Most of the following can be set one time and forgotten.

Before you update or make changes on a WordPress website, always back it up!

7 Tweaks for a WP Essential Set Up aimed 1st at Security and 2nd for Site Speed.

  1. Remove a common ‘Default’ WP ‘Security Hole’ that was automatically installed with WordPress.
    This refers to the “Admin Login”. We are going to remove and replace the Admin login.
    Hacker bots use the “Admin” login as their first guess (plus a password) to access your site. Don’t give them that head start. Make it harder for them to guess.

    To do this, delete the “Admin” user.
    1. FIRST do this:
    2. In your dashboard go to Users.
    3. Create a new user with a name that bots cannot easily guess. It could be your own or your initials.
      Choose a difficult password.
    4. Make the user an administrator in the dropdown selection box lower on the page.
    5. Click the box to send an email with the new information to yourself to save the information.
    6. Log out of the account. Then log back in with the new login and password you just created.
    7. Now go back to All Users. You will see the new login.
      It is safe now to delete the Admin user from the account.
    8. Edit this new user profile – add your avatar and a bit of keyword branded information to the bio.
    9. SAVE
  2. There is a lot of ‘junk’ you won’t be using installed with the initial install. Clean it out.
    If you don’t clean it out, outdated “junk” becomes open to vulnerabilities.
    1. Remove the unnecessary plugins and any you are not using.
      It is possible the coding in a plugin can provide a portal for hackers.
      They also can add bulk to a website slowing down your loading speed.
    2. Remove any “Sample” or unused pages and posts
    3. Empty the trash
  3. Limit Irritating Comments
    1. Activate the Akismet plugin – (You will need to sign up for an account which is free for personal use. Business API keys are not very expensive and well worth the expense.)
      This is the best, most reliable spam blocker I know of! It is well maintained and consistently updated.
    2. Under Settings- Discussion – Select as many of these as apply to your standards or site policy.
      I personally require that comments are held for moderation, must be manually approved, and held if they contain 2 or more links as that often indicates spam. Never click on any of the links to investigate – that is one way malware gets into your site!
  4. More to do in Settings –
    Any time you make a change, remember to SAVE that page!
    1. General –
      1. Optimize your tagline
      2. Set your site URL
      3. Set the time zone, date & time display you wish to have visitors see.
    2. Writing
      1. Set Default post Category
      2. When first launching your site, make sure you submit a sitemap to Google.
        http://www.google.com/ping?sitemap=FULL_URL_OF_SITEMAP
      3. Ping Links notify servers that your content has been updated.
        Enter additional ping links in the space allowed to ensure your posts, pages, and updates are quickly updated by search engines.
      4. The following ping links were active in 4/2021
        1. http://rpc.pingomatic.com
        2. https://rpc.twingly.com/
        3. http://blogmatcher.com/u.php
        4. http://ping.feedburner.com
        5. http://ping.blo.gs/
        6. http://www.weblogues.com/RPC/
        7. http://www.blogdigger.com/RPC2
        8. http://pingoat.com/goat/RPC2
        9. https://www.pingmyblog.com/
      5. Set Permalinks for clean SEO
        Go to Settings – Permalinks – Select the Post name option
  5. Appearance – Does your site have a professional look?
    1. Upload your WP Theme –
      Delete any extra, unused themes that you won’t be using.
      For security purposes, it is recommended that you invest in a premium, paid theme. They are often updated for security purposes and may contain less “questionable code” built in by the free coder.
  6. Basic Housekeeping for Increased Security
    1. Make sure the SSL Certificate is correctly installed.
    2. Use a recommended Security Plugin
      The Free version of WordFence covers most of the security issues including malware protection that you need.
  7. Install legal docs – Minimum is a Privacy Policy & Terms of Service
    Compliance is important for where you live and your business. Check the details
    Many free & paid templates are available on this site https://www.termsfeed.com/
    1. If you are an affiliate or ecommerce site, know what you need to have for compliance in your state.
    2. I also highly recommend this resource for professional forms –  

  8. One more – Not a Security tweak yet one you need to have:
    Is your site fully Accessible and compliant?
    A helpful WordPress Plugin: WP Accessibility
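
For whoever maintains the site, the checks in tweaks 1 to 3 can be scripted. The following is an added example, not part of the original post: the function names are made up for illustration, the sample data is constructed, and live use assumes WP-CLI is installed on the server.

```shell
#!/bin/sh
# Audit helpers that read WP-CLI CSV output on stdin (illustrative names).
# Live use, run from the WordPress directory:
#   wp user list --fields=user_login,roles --format=csv | find_default_admin
#   wp plugin list --fields=name,status --format=csv    | find_inactive
#   wp theme list --fields=name,status --format=csv     | find_inactive
#   check_discussion "$(wp option get comment_moderation)" \
#                    "$(wp option get comment_max_links)"

# Tweak 1: print any account still using the default "admin" login.
find_default_admin() {
  awk -F, 'NR > 1 && tolower($1) == "admin" { print $1 }'
}

# Tweaks 2 and 5: print installed-but-inactive plugins or themes,
# which are the candidates for deletion.
find_inactive() {
  awk -F, 'NR > 1 && $2 == "inactive" { print $1 }'
}

# Tweak 3: print one line per discussion setting weaker than the post's.
# $1 = comment_moderation (1 means manual approval is required)
# $2 = comment_max_links  (hold a comment with this many links or more)
check_discussion() {
  [ "$1" = "1" ] || echo "comments are published without manual approval"
  case "$2" in
    1|2) ;;
    *) echo "comment_max_links is '$2'; expected 2 or lower (not 0)" ;;
  esac
}

# Constructed sample data, not taken from a real site.
SAMPLE_USERS='user_login,roles
admin,administrator
jr_owner,administrator
guestwriter,author'
SAMPLE_PLUGINS='name,status
akismet,active
hello,inactive
wordfence,active'

echo "Default admin login found: $(printf '%s\n' "$SAMPLE_USERS" | find_default_admin)"
echo "Inactive plugins to remove: $(printf '%s\n' "$SAMPLE_PLUGINS" | find_inactive)"
echo "Discussion findings for moderation=0, max_links=5:"
check_discussion 0 5
```

Empty output from a function means that check passed.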

Have you downloaded my WordPress Security eBook and Checklist yet? Don’t forget to pick it up while it is still free.
Go here to request the download. WordPress Security for non-Techies.
View the blogpost here: WordPress Security


Soon we will focus on Website load speed.
Do you know what is slowing your site down? Watch for a new blog post in this series featuring additional tweaks to reduce the load time of a website on desktop and mobile. Google made algorithm changes again, and this time a priority is speed and usability on mobile and desktop.

As always, email me if you have questions or need some help!

If you would like to talk to me about your website security, schedule an appointment.



Terry
