Your website is more than just a home for your online presence. It’s also a powerful business tool that helps you get more leads and convert those leads into customers.
As such, you need to make sure your site is safe and secure from hackers, especially when you consider that more than 90,000 attacks on WordPress sites happen every day.
In this post, I’ll show you 8 easy ways to secure your WordPress site so you can make sure hackers don’t get access and ruin everything you’ve worked so hard for.
The tweaks below will help you prevent brute-force login attempts and make sure hackers can’t exploit vulnerabilities to get access to your site.
The first tip on the list is to change the admin username. Admin used to be the default username in WordPress and many people never changed it. If you’re one of them, now is the time to fix that.
Start by logging into your WordPress website and going to Users > Add new. Create a new user with a different email address and set the role to Administrator.
After that's done, log out of your dashboard and log in with your new user information. Go back to Users > All and delete your old admin account. Before you click the final delete button, don't forget to assign all your old posts to your new admin user.
While we’re on the subject of admin accounts, many WordPress users make the mistake of blogging on their sites with an administrator account. This poses a security risk because hackers can see the information they need every time you publish a new post. They can see your username, which means they only have to guess the password to break into your site.
You don’t need an administrator account to publish blog posts so don’t use it. Instead, create a new user account in the same manner as you did in the step above and assign it the Editor role. Then, use it to post new content from now on.
The beauty of WordPress is that it comes with thousands of themes, both free and paid. However, not all themes were created equal. In some cases, hackers create “nulled” versions of premium themes with malicious code and offer them for download for free.
Falling for this trap makes it easy to have your site hacked. Once you upload and activate the theme, hackers will have gained access to your site, which allows them to spread the malware even further and to send spam emails from your domain. To avoid this, always opt for a free theme from the official theme repository or purchase a paid theme from a reputable developer or marketplace.
A good security plugin has a number of features that will help harden your website. With the help of a security plugin, you can limit the login attempts, change your WordPress database prefix, change the URLs for the WordPress login page, and more.
An example of a security plugin that lets you do all of that and more is iThemes Security. It’s a free plugin that offers more than 30 ways to secure your site. It also includes a paid version that comes with added features such as 2-Factor Authentication, the ability to generate secure passwords, change WordPress Salt keys, and more.
Another way to keep your site secure is to choose a reputable hosting company right from the start. While this means paying more for your hosting, it also means you will benefit from better security features. Good hosting companies will have security measures in place such as:
Check out my detailed test of different website hosting companies and see which one ranked #1. You can also take a look at my Hosting page to see which hosting companies I recommend for new and existing WordPress users.
How long has it been since you’ve changed your WordPress password? If it’s been more than 6 months, now is the time to change it. Your password should ideally have 8 characters and you should also use both lowercase and uppercase letters mixed with numbers and special characters.
If you think you won't be able to remember the password, then use a password manager such as LastPass. While you’re at it, make sure to change the passwords for all the registered users on your site as well.
Outdated WordPress installations, plugins, and themes are one of the main reasons why WordPress gets hacked. According to Sucuri's Hacked Website Report 2017, 61% of hacked WordPress sites had outdated installations. That’s why you need to make sure to install all the updates as they get released.
For best practices, you’ll want to update WordPress core first. Then, update plugins and themes to avoid potential theme and plugin conflicts. It’s recommended to update plugins one by one, especially if you have a large number of plugins installed. Doing this will make it easier to troubleshoot which plugin caused a conflict if there is a problem.
Backing up your site helps you restore it easily in the event the worst happens. If your site gets hacked or if your hosting company gets compromised, without a backup you’ll be forced to rebuild your entire site from scratch, not to mention replace years’ worth of content.
Prevent this by creating a backup routine. You can use a paid plugin such as VaultPress or a free one such as UpdraftPlus to have your site automatically backed up on a set schedule. For best practices, consider having your backup stored offsite in your Dropbox so you can easily access it.
A firewall is the first line of defense you’ll have when it comes to hacking attempts. Plugins such as Sucuri or Wordfence will provide you with a great, free firewall that will scan incoming traffic and then block suspicious requests.
Both plugins come with additional features that will help you harden your site’s security. For starters, Sucuri allows you to harden your site with one click, and it monitors your site for any file changes and even for blacklisting by the search engines.
Wordfence, on the other hand, comes with protection from brute force attacks by limiting login attempts, enforcing strong passwords, and other security measures.
Lastly, limit the number of themes and plugins you have on your site. As I’ve mentioned earlier, outdated themes and plugins pose a security risk because hackers can exploit their vulnerabilities to get access to your site. But, de-activating themes and plugins you’re not using is not enough. Even if they are not active, hackers can still exploit them so make sure to de-activate and delete all the themes and plugins you’re not using. You can always re-install them when you need them.
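The update order and the clean-up of unused themes and plugins described above can be turned into a checklist. This added example (not from the original post) reads inventories in the shape WP-CLI's `wp plugin list --format=json` and `wp theme list --format=json` produce and returns the commands to run in order; the plugin and theme names are made up, and the name/status/update fields are assumed to match your WP-CLI version.

```python
import json
import shlex

# Constructed sample inventories; every plugin and theme name is hypothetical.
PLUGINS_JSON = """[
  {"name": "contact-form", "status": "active",   "update": "available", "version": "5.1"},
  {"name": "old-slider",   "status": "inactive", "update": "available", "version": "2.0"},
  {"name": "seo-helper",   "status": "active",   "update": "none",      "version": "9.3"},
  {"name": "gallery-lite", "status": "inactive", "update": "none",      "version": "1.4"}
]"""
THEMES_JSON = """[
  {"name": "shop-base-child", "status": "active",   "update": "none",      "version": "1.0"},
  {"name": "shop-base",       "status": "parent",   "update": "available", "version": "4.2"},
  {"name": "unused-theme",    "status": "inactive", "update": "available", "version": "3.0"}
]"""

def maintenance_plan(plugins_json, themes_json):
    """Return WP-CLI commands: core first, then one update per item, then removals."""
    updates, removals = [], []
    for kind, raw in (("plugin", plugins_json), ("theme", themes_json)):
        for item in json.loads(raw):
            name = shlex.quote(item["name"])
            if item["status"] == "inactive":
                # Unused code is deleted, not just left deactivated, so there
                # is no point updating it first.
                removals.append(f"wp {kind} delete {name}")
            elif item["update"] == "available":
                # One command per item makes a conflict easy to trace.
                # A "parent" theme is in use by its child theme, so it is
                # updated here and never queued for deletion.
                updates.append(f"wp {kind} update {name}")
    return ["wp core update"] + updates + removals

if __name__ == "__main__":
    for step, command in enumerate(maintenance_plan(PLUGINS_JSON, THEMES_JSON), 1):
        print(f"{step}. {command}")
```

Take a backup before running the resulting commands, and check the site after each update so a conflict can be traced to the item that caused it.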
Making your site more secure is not as difficult as it appears. Use the tips in this article to protect your site and keep it safe from hackers.