Learn how to secure your WordPress site with this quick 7 point checkup
Many authors use a self-hosted WordPress site because of the promotional benefits it offers.
But is your site secure?
WordPress is without a doubt the most popular blogging platform. It offers so many features, plugins and functions that when it comes to serious blogging and book promotion, there is no better platform to use.
The advantages of being able to integrate social media sharing, add monetising options and most importantly, gain far more organic traffic from Google and Bing make the small investment in managed WordPress hosting fees, money well spent.
However, due to its popularity, poorly secured WordPress sites are also easy targets for hackers and scammers. Their aim is not necessarily to steal your information. More likely, they want to gain access to your site to try to add or inject malware, adware or possibly viruses into your site.
Preventing this from happening is not difficult. But it does mean taking a few simple precautions to improve your website security.
You should always make sure that your WordPress installation is operating with the latest version of WordPress and that your site is using an SSL certificate. These are essential base elements to protect your site.
To enjoy all the benefits WordPress offers it is imperative to take a few simple precautions to ensure that your site is safe from attack.
The following seven simple security tips will definitely save you a lot of heartaches.
1. Check your username
On a new installation, WordPress sets the default administrator username as ‘admin‘. The default username setting must be changed, and never used under any circumstances.
The way to change this is easy. In your WordPress admin area, add a new administrator user, and select a new username and password.
Select a username that is difficult to guess and make sure your password is long and very strong.
Once done, delete the user with the username ‘admin‘. Other usernames to avoid using are your name and your site’s name as they are too easy to guess.
2. Set a strong password
Your password is the number one defence against attack and to limit login attempts. So make it as strong as you can.
Ideally, longer than 8 characters, and it should include two non-alphabetic characters, numbers and an uppercase letter.
It should not have sequences such as 1234 or abcd.
You should also change your password from time to time.
Yes, I know it’s a pain, but changing your password every now and then is by far the best security measure you can take.
3. Remove the meta box widget
WordPress has a default meta widget that gives site visitors links to login and subscribe.
Never use this widget on your site, as it is an open door invitation for hackers.
4. Don’t allow subscribers
Even though you can collect subscribers via your WordPress site, it is far safer to collect subscribers via an external email application such as Feedburner, Mailchimp, Aweber or whichever service you choose.
This goes without saying of course.
But if you need technical help with a plugin or theme, sometimes a developer may ask you for your login details. Be careful, and only do this if absolutely necessary.
If the occasion arises, however, it is worth changing your password after the problem has been resolved.
A better alternative to sharing your login details is to use a plugin to grant a developer tempory access.
Temporary Login Without Password is a free plugin that works very well.
6. Add monitoring and protection
Wordfence is a popular WordPress security plugin that monitors and blocks unwanted intruders.
It is free and is installed on millions of sites. There is a premium version available, but for most site owners, the free version offers more than sufficient protection.
It includes web application firewalls, IP blocking, security scanning, two-factor authentication and much more.
7. Back up your site files and database
There are many plugins that offer backups, and any of them are better than nothing.
The most important aspect to consider when looking at ways to backup your site is that your backup files are not stored on your web hosting server.
Many free plugins work like this and are not offering you much protection.
If you have a problem or are hacked, your server will be where the problem occurs. So having your backups there is pointless, as you may not be able to access them.
I can recommend Updraftplus as it has the facility to store your backup files on external sites such as Google Drive, Dropbox and Amazon S3, as well as many others.
The free version offers basic file and database backups.
Again, there is a premium version that offers more functionality, and this is what I use as I have a number of sites to protect. If a problem occurs and you need to do a restore, it is quick and easy.
As long as you have a good hosting plan, you don’t need to spend a cent to keep your WordPress site safe and secure.
But the few minutes you take in checking or implementing the seven points I have listed here will be time very well invested in making sure that your site is as secure as possible.