Website security is an important issue, ignore it and it could cost you. Over 30,000 websites are hacked every day, that’s an average of one every 5 seconds. However, most of these hacking attempts could have been prevented if the website owners followed a few simple guidelines to keep their site secure.
To secure your website start with a regular backup. Some hosting companies provide a backup as part of their service, or you can install one of the many WordPress plugins that create regular backups for you. We use UpdraftPlus as it’s easy to configure, offers a free version, and allows you to send your backs to a dropbox or google drive account. Keeping your backups off the server adds an extra layer of protection, if anything catastrophic happens to your servers you’ll still have your backup files.
One of the most common reasons for a WordPress website being hacked is out of date plugins, themes, or WordPress core. Check your website regularly for updates, and don’t put off installing them. Even better, you can enable automatic updates for many plugins and themes.
Weak passwords are another way hackers are able to compromise WordPress websites. To set a strong password go to ‘Users > Your Profile’ and press the ‘New Password’ button. This will generate a random password for you. You should also consider using two factor authentication, a much more secure way to log into WordPress. WordPress is now shipping with the Clef plugin, a login system that requires you to use an app on your phone to login to your website. Now if someone wants to log into your website they’ll need you phone, not just a password.
If you’re not keen on the two factor authentication system then install a security plugin and limit the login attempts, this will help to protect your site from brute force attacks used to crack your passwords. You can also remove and login page links from your website as an additional security measure.
When changing the passwords on your site you might also consider change account names. People commonly have a default account called ‘admin’ on their WordPress site, but this predictability makes it an easy target for hackers. Try to avoid generic predictable account names.
You can also help secure your website by securing the machines that you access it with. Ensure that your computer is free from virus, malware, and spyware. Avoid using shared computers to access your site if you’re unsure of how well maintained they are.
Finally, you can help make WordPress even more secure by reporting any bugs or security issues you find. If you find a big or security issue you can report it on wordpress.org, just follow the guidelines.
If you are already unlucky enough to have had your WordPress website hacked, don’t panic. Follow these guidelines from WordPress to recover your site and secure it against further attacks. You might also consider installing Wordfence, a wordpress plugin that will help you clean up and secure your website.
This infographic was designed by YourEscapeFrom9to5.com.