How To Lock Down And Secure Your Wordpress
Download as PPTX, PDF0 likes462 views
This document provides tips to secure a WordPress website from hackers. It recommends 6 steps: 1) keep software updated, 2) use strong unique passwords, 3) manage users and access privileges carefully, 4) automatically back up the site regularly, 5) do not use the default "admin" username, and 6) use security plugins or services to monitor the site and fix any issues. Regular software updates, secure passwords, limited administrative access, automated backups, a non-default username, and additional security tools can all help minimize risks to a WordPress site.
How To Lock Down And Secure Your Wordpress
- 1. How to Lock Down and Secure Your Wordpress Site From Hackers
- 2. There are millions of websites operating on the WordPress software platform. In fact, 17% of the world’s websites are using WordPress. It’s easy to use, with a user-friendly interface that allows someone to create and update their site even if they don’t have a programming background. It has hundreds of thousands of plugins available to give it a multitude of functionalities to accommodate mostly all of your basic website needs. It’s also free.
- 3. Unfortunately, there’s some downsides as well.
- 4. For example, if you don’t change your default configuration, hackers and some pesky users with too much curiosity immediately know where to log in to get into your admin area. In WordPress, you can type in “domain.com/wp-admin” and it will take you right to the login screen. At that point, the only thing left to get into your site is to crack your password. The most common method hackers use is brute force, which allows them to test millions of login combinations in a short amount of time.
- 5. Your website can never be 100% secure. Hackers are always trying new things and discovering new vulnerabilities to exploit. The online world changes quickly and the same is true of security.
- 6. Good security is about minimizing risk. If anybody tries to sell you a 100% secure solution, they’re scamming you. You’ll never be completely safe, but there’s a lot you can do to minimize your risk. There’s also a balance between security and usability. Sometimes locking down your site makes it secure, but it’s harder to use. You’ll have to find the balance that works for you…and take measures to keep it as secure as possible. That being said, there’s a few preventive measures you can take in order to lower your risk of getting your site hacked.
- 7. Here’s 6 quick steps to make your WordPress website more secure: 1. Keep It Up To Date
- 8. One of the biggest security vulnerabilities in WordPress is old software. WordPress is updated fairly often and whenever there’s a new security issue they roll out an update immediately. But you need to stay on top of keeping your WordPress software updated on a regular basis by logging in and checking to see if there’s a notification to “update” and a link in your WordPress Admin area. You also need to keep your themes and plugins up to date—they can have security issues as well. Sometimes people put off updates for fear of breaking their site, but you’d rather break your site with an update than risk a break-in. Also, if a plugin is deactivated, you need to delete the plugin entirely so that it is not an open, unused folder left on your server that a hacker can take over.
- 9. Here’s 6 quick steps to make your WordPress website more secure: 2. Strengthen Your Passwords
- 10. Your security is only as good as your password. If you’ve got a simple password, you’re making it very easy for a hacker to walk right in. Your password should have numbers, capitals, special characters (@, #, *, etc.) and be long and unique. Your WordPress password can even include spaces and be a passphrase. Remembering different passwords for different sites is tough, but a hacked site is worse.
- 11. Here’s 6 quick steps to make your WordPress website more secure: 3. Manage Your Users
- 12. Your own strong password is useless if another admin has a weak one. You need to manage your users. Not everybody needs admin access. The more people with admin access, the more chances to hack your site. If someone is writing blogs for you, give them “Editor” access rather than “Admin”, for instance. Remember to update or remove users when you have staff transitions. If you have someone working on development or editing for a temporary period, create a new user account for them and then delete once they are finished.
- 13. Here’s 6 quick steps to make your WordPress website more secure: 4. Back It Up
- 14. If anything ever goes wrong with your site, you want to be able to get it back up quickly. That means you need to have backups available to restore the site. In order for backup to work, it needs to be complete and automatic. Backing up your database isn’t enough. That will save your content, but you’ll still have to rebuild your entire site, including theme tweaks and plugin settings. And if your backup isn’t automatic, you’ll forget to do it regularly. Get a powerful backup tool, such as BackupBuddy, to keep your site safely backed up and ready to be restored. It’s a premium plugin that makes backing up and restoring a seamless process.
- 15. Here’s 6 quick steps to make your WordPress website more secure: 5. Don’t use “Admin” as Your Username
- 16. If you use “admin” as your username, and your password isn’t strong enough (see #2), then your site is very vulnerable to a malicious attack. Until version 3.0, installing WordPress automatically created a user with “admin” as the username. This was updated in version 3.0 so you can now choose your own username. Many people still use “admin” as it’s become the standard, and it’s easy to remember. Some web hosts also use auto-install scripts that still set up an ‘admin’ username by default. Simply create a new “admin” user account for yourself using a different username. Then log out and then log in as that new user and delete the original “admin” account. If you have posts published by the “admin” account, when you delete it, you can assign all the existing posts to your new user account.
- 17. Here’s 6 quick steps to make your WordPress website more secure: 6. Use Security Plugins or Security Services to Protect Your Site
- 18. As well as all of the measures above, there are tons of plugins you can use to tighten your site’s security and reduce the likelihood of being hacked. Here are a handful of popular options: http://wordpress.org/plugins/better-wp-security/ – offers a wide range of security features. http://wordpress.org/plugins/bulletproof-security/ – protects your site via .htaccess. http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ – adds a firewall to your site. http://wordpress.org/plugins/sucuri-scanner/ – scans your site for malware etc. http://wordpress.org/plugins/wordfence/ – full-featured security plugin. http://wordpress.org/plugins/websitedefender-wordpress-security/ – comprehensive security tool. http://wordpress.org/plugins/exploit-scanner/ – searches your database for any suspicious code.
- 19. Personally, after trying to find a free plugin that protected my site and getting frustrated, I switched to using Sucuri Security. It’s a monitoring service that protects your site as well as fixes it if it gets hacked. It’s saved me and multiple clients websites after getting hacked. I haven’t had an issue since I signed up for their service. You can find them at Sucuri.net. If you’re interested in learning more about hardening your website’s security, please check out these two resources: http://codex.wordpress.org/Hardening_WordPress http://wp.tutsplus.com/tutorials/11-quick-tips-securing-your-wordpress-site While all of this may sound overwhelming or intimidating…I am not intending to scare you. It’s just important to understand the best measures to take so that the hours of time and effort put into building your website are protected.