WordPress is a reliable and popular content management tool that boasts millions of websites built on the platform. With the popularity of WordPress means they are vulnerable to hackers, brute force attacks, malicious file uploads and other security issues.
How to Secure Your WordPress Site
It’s no secret how to find a WordPress login screen: simply type yourdomain.com/wp-admin/ and you’ll be redirected to a login page if the site is utilizing WordPress. Once a hacker finds this page then they only need to determine your username and password.
Don’t Use ‘Admin’ as a Username
When installing a new WordPress website the default username is set to ‘admin’. If you’re using ‘Admin’ or ‘admin’ as your password then the hackers have found your login screen and username, leaving only the password in order to log into your site and do their damage.
Use a Strong Password
Strong passwords are necessary to keep bots, software, or brute force attacks from gaining access to your site. Don’t use real words, common language, logical sequences of events, or any sort of personal data such as spouse, pets, or your children’s names. Avoid using birthdates or anything that is personally identifiable and discoverable online.
Passwords should be a combination of numbers, letters (uppercase and lowercase), and special characters. If you have trouble remembering passwords then use a master password manager service such as LastPass, 1Password or Dashlane.
Backup Your Site Regularly
It’s important to create a regular backup schedule for your WordPress site. Most hosting services create nightly backups, but you can install a plugin like UpDraft Plus to create monthly backup for your files and database.
Update WordPress, Plugins and Themes Regularly
WordPress releases two major core updates per year and only minor core updates throughout the year. It’s wise to set up a regular site update / WordPress Maintenance schedule to keep WordPress, plugins and themes up-to-date.
Install Security Plugins
There are a several great security plugins that provide features like malware scanning, malicious file scanning, live traffic monitoring and other tools.
iThemes Security will allow you to ban users who have too many login attempts, schedule regular database backups, and enforce strong passwords for all users.
Wordfence will run basic malware scanning and malicious files scanning and flag any outstanding issues in the WordPress dashboard.
There are paid security plugins as well. Securi provides monitoring for as little as $24.99 per month. This service helps prevent DDoS and Brute Force attacks, blacklist removal, malware file cleanup if it’s found on your site, and more.
Do you need a security plugins or ongoing maintenance performed on your WordPress website? Contact Sublime Creations today to schedule a 30-minute consultation to discuss how Sublime Creations can help make the web work for you.