WordPress Security Plan for a Safe Website


WordPress is one of the most popular content management systems in use. That popularity also brings the very real risk of your site being attacked. Rather than accept that risk, you will want to protect your site from intrusions and attacks. It’s important to understand your site’s vulnerable spots. WordPress security should be a top priority.
Because it is open source, WordPress is vulnerable to hackers. This means that many people know how the back-end code is structured. Unfortunately, if your site is left open to hackers, they can use it in a variety of ways.
Many of us know someone who has had their site hacked. Most of the time, those attacks could have been prevented if the site owner had taken some precautionary measures. Hackers are always trying to improve their methods of slipping into websites and blogs. However, the following WordPress defense steps will keep your WordPress site secure:
Security Set-Ups
- Remove any revealing signs that give hackers insight into your website, including:
- Website’s header showing your WordPress version
- Use a unique username and password instead of using “admin”
- Remove the login link from your theme.
- Install systems and plug-ins that do one or more of the following:
- Restrict the number of login attempts within a timeframe. Wordfence is a plug-in that many recommend. There is a free and a premium version.
- Use two-factor authentication that requires an additional code
- Add SSL (Secure Sockets Layer) for your WordPress Admin. (You may need to contact your web host to have them implement this.)
- Change the default table prefix in the WordPress database or have it changed for you to prevent hackers from easily accessing your database.
- For a new WordPress installation, you can change the table prefix in the “wp-config.php” file prior to installation. However, if you already have WordPress installed, then visit WordPress.org for instructions on the process.
- Set up systems to:
- Update software and plug-ins
- Scan site for malware and viruses regularly
- Regularly back-up your WordPress site
- Remove and uninstall all unnecessary plug-ins, themes, and users.
- Create systems to ensure your back-up system is working efficiently. Backing up your WordPress site isn’t a one-time thing. You need to create a system to regularly check that your site/blog is backing up correctly.
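The following is an added example, not part of the original post: a small Python audit that checks three items from the list above (default table prefix in “wp-config.php”, WordPress version shown in the header, login link in the theme) plus admin SSL. The sample inputs are constructed, and mapping “SSL for your WordPress Admin” to WordPress’s FORCE_SSL_ADMIN constant is an assumption.

```python
import re

# Constructed sample inputs, not taken from any real site.
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""
SAMPLE_HOME_HTML = """<html><head>
<meta name="generator" content="WordPress 0.0-sample" />
</head><body><a href="https://example.test/wp-login.php">Log in</a></body></html>"""


def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments so commented-out settings are ignored."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"^\s*(//|#).*$", "", src, flags=re.M)


def audit_wp_config(src):
    """Return findings for the table prefix and admin-SSL items of the checklist."""
    findings, code = [], strip_php_comments(src)
    prefix = re.search(r"\$table_prefix\s*=\s*(['\"])(.*?)\1\s*;", code)
    if prefix is None:
        findings.append("table_prefix: no assignment found")
    elif prefix.group(2) == "wp_":
        findings.append("table_prefix: still the default 'wp_'")
    # Assumption: admin SSL is enforced through WordPress's FORCE_SSL_ADMIN constant.
    if not re.search(r"define\(\s*['\"]FORCE_SSL_ADMIN['\"]\s*,\s*true\s*\)", code, flags=re.I):
        findings.append("admin SSL: FORCE_SSL_ADMIN is not set to true")
    return findings


def audit_html(html):
    """Return findings for version disclosure and an exposed login link in rendered HTML."""
    findings = []
    gen = re.search(r"<meta[^>]+name=[\"']generator[\"'][^>]*content=[\"'](WordPress[^\"']*)[\"']",
                    html, flags=re.I)
    if gen:
        findings.append("header: generator tag reveals '%s'" % gen.group(1))
    if re.search(r"href=[\"'][^\"']*wp-login\.php", html, flags=re.I):
        findings.append("theme: page links to wp-login.php")
    return findings


if __name__ == "__main__":
    for line in audit_wp_config(SAMPLE_WP_CONFIG) + audit_html(SAMPLE_HOME_HTML):
        print("FINDING", line)
```

Run it against a copy of your own “wp-config.php” and the saved HTML of your home page; an empty result means none of these four items was flagged.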
Login Security
- Change your “wp-login.php” file to something else like “log-in.php” so hackers cannot know the correct login URL
- Create a strong password for site login being sure to include upper and lower case letters, numbers and special characters. For example, you shouldn’t make your password related to anything in your personal life that can be guessed. In addition, be sure to change your password at least once every 90 days.
Outside Providers
- Only use trustworthy and reputable providers that include:
- WordPress Theme developers
- Website designers/developers
- Virtual assistants
- Guest bloggers
Give each provider a unique username and password, and change that information after your business with them is concluded.
- Choose a reputable host known for secure hosting and solid security practices.

Above all, part of building your website should include making WordPress security your primary focus. So, for helpful hints on setting up your WordPress site see our previous post, Beyond WordPress Basics.