Many authors use a self-hosted WordPress site because of the promotional benefits it offers. But do you know how to secure your WordPress site?
WordPress is, without a doubt, the most popular blogging platform.
It offers so many features, free plugins, and functions. When it comes to serious blogging and book promotion, there is no better platform to use.
You can integrate social media sharing, add monetizing options, and most importantly, gain far more organic traffic from Google and Bing. That makes a small investment in managed WordPress hosting fees money well spent.
Check your WordPress security
However, due to its popularity, poorly secured WordPress sites are also easy targets for hackers and scammers.
Their aim is not necessarily to steal your information. More likely, they want to gain access to your site to try to add or inject malware, adware, or possibly viruses into your site.
Preventing this from happening is not difficult. But it does mean taking a few simple precautions to improve your website security.
You should always make sure that your WordPress installation is operating with the latest version of WordPress and that your site is using an SSL certificate. These are essential base elements to protect your site.
To enjoy all the benefits WordPress offers, it is imperative to take a few simple precautions to ensure that your site is safe from attack.
The following seven simple security tips will definitely save you a lot of heartache.
1. Never use admin as your username
On a new installation, WordPress sets the default administrator username as ‘admin.’ You always need to change the default username setting and never use it under any circumstances.
It’s the very first step you need to take to secure your WordPress site.
The way to change this is easy. In your WordPress admin area, add a new administrator user, and select a new username and password.
Select a username that is difficult to guess and make sure your password is long and very strong.
Once you do it, delete the user with the username ‘admin.’ Other usernames to avoid using are your name and your site’s name as they are too easy to guess.
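A command-line version of this check, as an added example that is not part of the original article. It assumes WP-CLI (the `wp` command) is installed on the server; the function names, the sample site and owner names, and the placeholder values are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. audit_admins assumes WP-CLI
# (`wp`) is installed; risky_logins needs only POSIX sh.

# Lowercase a name and keep letters and digits, so "Jane Doe" == "jane.doe".
norm() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]'
}

# risky_logins SITE_NAME OWNER_NAME
# Reads logins on stdin, one per line, and prints the ones the article says
# to avoid: 'admin', the site's name, or the owner's name.
risky_logins() {
    site=$(norm "$1")
    owner=$(norm "$2")
    while IFS= read -r login; do
        n=$(norm "$login")
        [ -n "$n" ] || continue
        case "$n" in
            admin|"$site"|"$owner") printf '%s\n' "$login" ;;
        esac
    done
}

# List every administrator account and flag the guessable ones.
audit_admins() {
    wp user list --role=administrator --field=user_login | risky_logins "$1" "$2"
}

# Replacing a flagged account (run by hand, values are placeholders):
#   wp user create NEW_LOGIN you@example.com --role=administrator
#   wp user delete admin --reassign=NEW_USER_ID
# --reassign hands the old account's posts to the new user instead of
# deleting them along with the account.
```

Run `audit_admins "My Book Blog" "Jane Doe"` from the WordPress directory with your own site and owner names; no output means no administrator login matches the names to avoid.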
2. Set a strong password
Your password is the number one defense against attacks and against login attempts by hackers. Make it as strong as you can.
Ideally, it should be longer than 8 characters and include two non-alphabetic characters, numbers, and an uppercase letter.
You should never use sequences such as 1234 or abcd.
It’s also a good idea to change your password from time to time.
Yes, I know it’s a pain, but changing your password every now and then is by far the best security measure you can take.
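The rule above turned into a check you can run on a candidate password, as an added example that is not part of the original article. The function names are made up for illustration, and the sequence test generalizes "such as 1234 or abcd" to any four consecutive digits or letters in ascending order.

```shell
#!/bin/sh
# Added example, not from the original article: checks a candidate password
# against the rule stated above. Function names are illustrative.

# has_sequence STRING -> succeeds if STRING contains a 4-character ascending
# run of digits or letters such as 1234 or abcd (case-insensitive).
has_sequence() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    for ref in 0123456789 abcdefghijklmnopqrstuvwxyz; do
        i=1
        while [ $((i + 3)) -le ${#ref} ]; do
            win=$(printf '%s' "$ref" | cut -c"$i"-"$((i + 3))")
            case "$lower" in *"$win"*) return 0 ;; esac
            i=$((i + 1))
        done
    done
    return 1
}

# check_password STRING -> prints one line per failed rule, nothing if it passes.
check_password() {
    pw=$1
    nonalpha=$(printf '%s' "$pw" | tr -d '[:alpha:]')
    [ ${#pw} -gt 8 ]       || echo "too short: must be longer than 8 characters"
    [ ${#nonalpha} -ge 2 ] || echo "needs at least two non-alphabetic characters"
    case "$pw" in *[[:digit:]]*) ;; *) echo "needs a number" ;; esac
    case "$pw" in *[[:upper:]]*) ;; *) echo "needs an uppercase letter" ;; esac
    if has_sequence "$pw"; then
        echo "contains a sequence such as 1234 or abcd"
    fi
    return 0
}
```

A password like `Abcd1234!` satisfies the length and character rules but is still reported, because it contains both kinds of sequence.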
3. Remove the meta box widget
WordPress has a default meta widget that gives site visitors links to login and subscribe.
Never use this widget on your site because it’s an open-door invitation for hackers.
4. Don’t allow subscribers
You can collect subscribers via your WordPress site.
But it is far safer to collect subscribers via an external email application such as Mailchimp, Aweber, or whichever service you choose.
5. Don’t share your login details
This goes without saying, of course.
But if you need technical help with a plugin or theme, sometimes a developer may ask you for your login details.
Be careful, and only do this if absolutely necessary.
However, if the occasion arises, it is worth changing your password after the problem has been resolved.
A better alternative to sharing your login details is to use a plugin to grant a developer temporary access.
Temporary Login Without Password is a free plugin that works very well and is a much more secure way of allowing access for developers.
6. Add monitoring and protection
Wordfence is a popular WordPress security plugin that monitors and blocks unwanted intruders.
It is free and is installed on millions of sites.
There is a premium version available. But for most site owners, the free version offers more than sufficient protection.
It includes web application firewalls, IP blocking, security scanning, two-factor authentication, and much more.
7. Back up your site files and database
Many plugins offer backups, and any of them is better than nothing.
The most important aspect to consider when looking at ways to back up your site is that your backup files are not stored on your web hosting server.
Many free plugins work like this and are not offering you much protection.
If you have a problem or are hacked, your server will be where the problem occurs. Having your backups there is pointless, as you may not be able to access them.
I use UpdraftPlus as it has the facility to store backup files on external sites such as Google Drive, Dropbox, and Amazon S3, as well as many others.
The free version offers basic file and database backups.
Again, there is a premium version that offers more functionality. It is what I use as I have several sites to protect.
If a problem occurs and you need to do a restore, it is quick and easy.
As long as you have a good hosting plan, you don’t need to spend a cent to keep your WordPress site safe and secure.
But the few minutes you take in checking or implementing the seven points I have listed here will be time very well invested in making sure that your site is as secure as possible.