WordPress Website Security 101
4 Quick Steps for securing Your Website Against Attacks
The best thing about the WordPress platform is the fact that it is open-source – this means that it is not only free to use, but that a community of hundreds of thousands of people around the world are constantly developing new tools, functionalities and plugins that can be easily installed onto a website (often for free) with a click of the mouse. The worst part about the WordPress platform is that this often leads to higher levels of hacking and security attacks on the platform – because the source code is readily available, those who are inclined to do so, can download it and look for holes or soft-spots through which they can enter your website.
But never fear! There are some simple steps that you can take as a website owner that can drastically reduce the chances of your website getting infiltrated and increase your WordPress website security.
Why do websites get hacked?
There are few different reasons why websites get hacked – sometimes it is just for the fun of it but often it is to exploit the website’s resources. E-commerce websites along with websites that have large databases of users and sites that generate large quantities of traffic are more at threat of being hacked. This is because the attacker (who actually often a ‘robot’ btw, that searches the internet looking for WordPress websites and then poking the ‘soft-spot’ to see if they can get in), wants to steal your user database or redirect your large quantities of website traffic to their own websites.
What can I do to stop the attacks?
You cannot stop the attacks. The best you can do is protect yourself against the attacks and make it harder for them to penetrate your site. I have outlined my top 4 steps for protecting your WordPress website against security attacks below:
- Strong Username and Password – This one is pretty straight forward, yet commonly overlooked. It is not enough to just have a strong password; you also need a strong username. If your username is ‘admin’, the name of your business or your own name, then login and change it now.
- Update Your Plugins – When you login to WordPress and you see a little orange circle with a number in it next to the ‘plugins’ or ‘updates’ tab in the left side bar, that means that you have plugins on your website that need to be updated. Often, when the developer becomes aware of a hole or a ‘soft spot’ in their plugin, they go in and patch it up and then release an updated version of the plugin – updating your plugins as soon as you see them is the best and fastest way to reduce the amount of soft spots on your website.
- Backup Your Website – Every time you make any major updates your website, back it up. That way, if your site does get attacked the quickest and easiest way to remove the attack is to delete your site completely and then reload your backup (as long as the backup was taken before the site was infiltrated). I use a plugin called Backup Buddy to do my backups and I download and store the backup off-site, but you can usually also do a full backup through your cPanel, FTP or by requesting it from your hosting provider.
- Security Plugins – There are quite a lot of security plugins available that have different functionalities; some will change your login address (from the standard ‘/wp-admin’ to something unique that only you know), others will block IP addresses or failed login attempts (if someone tries to login with the username ‘admin’ unsuccessfully 3 times or more they will be blocked). I would recommend installing some of these, especially if you have been attacked in this manner in the past.
Please note, these four steps aren’t a fool-proof solution for website hacking – they will just reduce the chances of your site getting hacked by making it harder to so, and also ensure that you have a backup plan if your WordPress website does get attacked. If you’d like more info WordPress website security or would like to organise a consultation/training session where you’ll be taught how to implement these steps yourself, give me a call on 0413 844 190 or email me at firstname.lastname@example.org.