Are you taking your WordPress security seriously?

How often do you change your password? Do you use the same one for everything? These are the common questions that are asked when someone is attacked.

Category: WordPress | Read time: 10 minutes


In recent times there have been multiple data breaches in which highly influential websites have been the victims of cyber attacks. This has increased the number of companies now advising on and implementing stronger security measures to protect their clients.

It is important to constantly invest and work to maintain high levels of WordPress security if you don’t want to be vulnerable to attack.

It is advisable to keep your website up to date with the latest WordPress security techniques, which your developer can add to help reduce your vulnerability.

What happens if I am attacked?

Google’s search results now flag up if a website has been attacked. As a user this can be a great way to identify ‘dodgy’ websites, but as a business it can be detrimental to your reputation. This is why it is important to invest in good support and maintenance products to help protect your website.

On shared hosting platforms, providers typically inform you of an attack straight away and put precautions in place to protect everyone. This is because your website is hosted on a server with other domains. The majority of hosting providers offer useful advice on how to remove malicious files, or they do this on your behalf.

However, there are many ways you can protect your WordPress website, and these are ten top tips to make more work for a hacker. Follow these tips and you will be in good stead.

10 tips to begin protecting your WordPress website

  1. Only activate approved plugins on your website – WordPress has criteria that all developers have to adhere to. If a plugin is not approved or compatible, use it with caution.
  2. Move your core files into a separate directory – This will make finding the login page more difficult.
  3. Rename the default ‘admin’ account – Commonly this is not changed. Don’t give hackers half the job. Change the username!
  4. Regularly change your password – Ensure that you use strong passwords. Strong passwords are those that use lowercase and uppercase characters with a combination of numbers and special characters (! ? #).
  5. Add an SSL certificate – This ensures all data transfers are secured, making it more difficult for hackers to spoof.
  6. Back up your website regularly – Having your website backed up gives you the peace of mind that, if the worst happened and your website was attacked, the backup can be used to restore your website.
  7. Disable directory listings with .htaccess – Otherwise, for any directory that doesn’t have an index.html, the directory listing would show up, meaning hackers can gain some idea of how your directory is structured.
  8. Remove your WordPress version number – Why give a hacker information about your update version? If they see it’s an older version, they may target it with any weaknesses that were found and patched at the time for that version.
  9. Limit login attempts – When hackers are trying to gain access they will continue to fire login attempts at your login page. This will ultimately affect your bandwidth, which can cause your website to go temporarily offline. Putting a limit in place will minimise the attempts. There are numerous plugins that can help you achieve this. You can also limit access to set IP addresses.
  10. Disable XML-RPC – XML-RPC is a mechanism that helps authors to keep track of external references to their articles. This has been prone to cause weaknesses in previous WordPress updates.
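
To confirm that tips 7, 8 and 10 have actually taken effect on your own site, the Python script below (an added example, not part of the original article) checks fetched responses for a directory listing, a WordPress generator tag and an answering xmlrpc.php. The sample responses, the /wp-content/uploads/ path and the version number 1.2.3 are constructed for illustration.

```python
import re

# Constructed sample responses (path -> (status, body)); not captured from a real site.
UNHARDENED = {
    "/": (200, '<html><head><meta name="generator" content="WordPress 1.2.3" /></head></html>'),
    "/wp-content/uploads/": (200, "<html><head><title>Index of /wp-content/uploads</title></head></html>"),
    "/xmlrpc.php": (405, "XML-RPC server accepts POST requests only."),
}
HARDENED = {
    "/": (200, "<html><head><title>My site</title></head></html>"),
    "/wp-content/uploads/": (403, "Forbidden"),
    "/xmlrpc.php": (403, "Forbidden"),
}

# Tip 8: the generator meta tag WordPress prints in the page head by default.
GENERATOR_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s*([\d.]*)', re.I)
# Tip 7: the title Apache gives an auto-generated directory listing.
INDEX_RE = re.compile(r"<title>\s*Index of /", re.I)


def audit(responses):
    """Return findings for tips 7, 8 and 10; an empty list means none were found."""
    findings = []

    _, body = responses.get("/", (None, ""))
    match = GENERATOR_RE.search(body)
    if match:
        version = match.group(1) or "(unspecified)"
        findings.append(f"tip 8: generator tag exposes WordPress version {version}")

    status, body = responses.get("/wp-content/uploads/", (None, ""))
    if status == 200 and INDEX_RE.search(body):
        findings.append("tip 7: directory listing is enabled for /wp-content/uploads/")

    # An enabled xmlrpc.php answers a plain GET with 405 and this message.
    status, body = responses.get("/xmlrpc.php", (None, ""))
    if status == 405 or "XML-RPC server accepts POST requests only" in body:
        findings.append("tip 10: xmlrpc.php is reachable and answering")

    return findings


if __name__ == "__main__":
    for name, site in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(name, audit(site) or "no findings")
```

To run it against your own website, replace the sample dictionaries with the status code and body returned for each of the three paths.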

If you require some help with your WordPress security, please get in touch via my contact form or email info@leevanstone.co.uk.