No software can be completely secure and WordPress is no exception. Handling almost a quarter of all websites worldwide, the platform is an obvious target for hackers.
Although we hear about many of the major attacks, thousands more are stopped every year by the WordPress team and the positive actions of users and developers worldwide.
We’ll tell you about five essential tips to keep WordPress safer.
1. Strong Usernames and Passwords
One of the main ways someone can hack your site is also one of the easiest to remedy: change your default username to something harder to guess.
If someone’s trying to get into your website, leaving the default username as it is means one less step for the hacker.
Since WordPress 3.0, users have been able to choose their own admin username during setup. If you need to upgrade to get this option, now would be a good time to do this!
Secondly, a strong password is key to your website's first line of defence. It may be a pain to remember, but there are great tools that will store passwords, and if you keep organised it makes the whole process simpler. Certainly better than losing your site to hackers.
2. Login Screen Security
Limit the number of login attempts. This means that only a certain number of attempts are allowed from any single source within a set period of time. Repeated failures may come from someone who has innocently forgotten the password, but they may also be an unwanted attack.
A captcha, which is a way to test whether a site user is a bot or a human, can also help prevent attacks from bots looking to crack your site.
Notifications can be configured to alert you when someone unauthorised is attempting to access your site. A hit from Turkmenistan at an odd hour might be a signal something is wrong. You can also configure a firewall to block IP addresses of people who try to get in without permission.
3. Get a Handle on File and Folder Permissions
File permission modes are a bit of a difficult one as there is much to learn, but two of the most common modes are 644 and 755. These modes set the rules for who can open, read or change files in a directory.
644 files can be read and written to (changed) by the owner, but everyone else can only read them. This would usually be the best setting for most kinds of files. 755 is what is often used for folders, as many users can modify files in this directory using this setting.
The permission setting 777 should most often be avoided, as this will grant permission to anyone to read, write, or delete as they choose. Obviously this could be a problem, and any plugin that asks you to set 777 as a permission should be handled very carefully indeed.
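The modes above can be checked across a whole site rather than file by file. The script below is an added example, not part of the original article: it reports anything writable by everyone (the 777 case) and anything that differs from the 644 file and 755 folder baseline. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the modes discussed above.
# Function names and the sample tree are constructed for illustration.

audit_wp_perms() {
    root=$1
    findings=$(
        # Anything writable by "everyone" (777, 666, ...) is the riskiest case.
        find "$root" \( -type f -o -type d \) -perm -0002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} +
        # Remaining files that differ from the 644 baseline.
        find "$root" -type f ! -perm -0002 ! -perm 644 \
            -exec printf 'FILE-NOT-644 %s\n' {} +
        # Remaining directories that differ from the 755 baseline.
        find "$root" -type d ! -perm -0002 ! -perm 755 \
            -exec printf 'DIR-NOT-755 %s\n' {} +
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1    # non-zero so a cron job or CI step can alert on findings
}

# Builds a constructed sample tree (not a real WordPress install).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/uploads" "$t/wp-content/plugins/demo"
    : > "$t/index.php"; : > "$t/wp-config.php"; : > "$t/.htaccess"
    : > "$t/wp-content/plugins/demo/demo.php"
    chmod 755 "$t" "$t/wp-content" "$t/wp-content/plugins" \
        "$t/wp-content/plugins/demo"
    chmod 644 "$t/index.php" "$t/wp-content/plugins/demo/demo.php"
    chmod 777 "$t/wp-content/uploads"   # the setting the article warns about
    chmod 666 "$t/wp-config.php"        # world-writable file
    chmod 664 "$t/.htaccess"            # group-writable, off baseline
    printf '%s\n' "$t"
}

# Demo run on the constructed tree.
sample=$(make_sample_tree)
audit_wp_perms "$sample" || echo "Review the entries listed above."
rm -rf "$sample"
```

Modes stricter than the baseline are reported as well, so treat the output as a review list rather than something to fix automatically.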
4. Backup, Backup, Backup
And again: backup backup backup! We cannot stress how important this is!
A weekly or bi-weekly backup ought to be adequate for the majority of websites, unless you have added a significant amount of content or changed things around drastically, in which case a manual backup would be recommended. If you have your site backed up, you can reset it to a previous time and simply restore the data in the event your site is compromised. The cost of any backup solution is necessary insurance against the havoc that losing your site can bring.
Our WordPress hosting includes free daily backups
5. Install your WordPress Updates!
Updates handle known security issues, fix bugs and offer new functionality. WordPress and its range of plugins offer a great platform to build your website with, but a massive system needs maintenance. Although it is a hassle, it is well worth keeping on top of updates so that your WordPress is protected as much as possible from any security vulnerabilities. It is also worth looking at the changelogs, as they can point to software clashes that might also cause trouble.
It is worth checking regularly to ensure your site is up to date to avoid being exposed to any potential threat.