WordPress Security Tips: The 5 Best Ways to Improve Your Site’s Safety
Tim Hamby
WordPress is the most popular blogging system in the world today with over 75 million sites built upon this open-source content management system (CMS). Robust, flexible and easy-to-use with a seemingly unlimited number of design options, WordPress offers many advantages. At the same time, its popularity has made it an appealing target for hackers. As a global website design and hosting company with over 3.5 million customers, all of us at Web.com are acutely aware of the security threats WordPress users face every day.
Because our customers’ security is a top priority, we invest significant resources in protecting them against malicious cyberactivity. This includes not only employing market-leading technology and regular systems upgrades, but also conducting ongoing research and sustained efforts to keep our customers informed about how best to protect themselves against would-be threats. Below are what we consider 5 of the best ways to improve the safety of your WordPress website simply, easily and effectively. We’ll assume you already have secure web hosting with a reputable company. If not, please contact us and we’ll explain the options available, and help you determine what’s best for your needs.
1. Keep your website up-to-date by using the latest version of WordPress – Just like with any software (and especially true for open-source platforms where collaborative knowledge and improvement flow more quickly), newer versions of WordPress that add features and reduce vulnerabilities are constantly being released. When you are alerted that a new version of WordPress is available (visible at the top of your CMS), update to that new version immediately.
2. Update your plugins – WordPress is known for the extensive volume of plugins it accommodates. Plugins are software add-ons that extend the functionality of your website, from adding video players to displaying social media to enhancing site security. Some popular WordPress themes come with certain plugins pre-packaged into them. Regardless of which you may be using, you’ll want to keep them updated by regularly checking the back end of your site (just click on “Plug-ins” in the left side menu) to see when new versions are released. We’ve recently seen a rise in security compromises of WordPress sites by people using outdated versions of three popular plug-ins: Jetpack, RevSlider and Contact Form 7. If you’re using these or any plugins, be sure to update them to their latest, most secure versions!
3. Use strong password protection – Arrgghh, passwords. We know! They’re no fun. So hard to think of, so easy to forget! And most of us have hundreds because our lives are so intertwined with the Internet. But strong passwords are your best defense against malicious cyber activity, and there are some tips that can make password protection easy.
- Use strong, unique passwords, and different passwords for different accounts
- Make your passwords at least 8 characters long. The longer, the better. Longer passwords are harder for hackers to hack and they’ll typically seek the shortest routes from point A to point B.
- Include a combination of numbers, upper- and lowercase letters, and symbols in your passwords
- Do not use dictionary words. Cybercriminals use software that can guess those.
- An excellent way to create an easy-to-remember password that’s hard for others to guess is to pick a phrase, then use the first letter in each word as your characters, such as, “My wife, Eden drives a 2012 Ford Explorer with a V8 engine” = MwEda2012FEwaV8e. You can use song lyrics, favorite quotes, etc.
- To help you keep track of all of your passwords safely, consider trying a password management app like Dashlane or LastPass that allows you to easily remember one password, while securely storing many others.
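The checklist above as a small Python check, added here as an example and not part of the original article: `phrase_to_password` reproduces the phrase trick (first letter of each word, words containing a digit kept whole) and `check_password` reports which tips a password breaks. The function names and the tiny `COMMON_WORDS` list are assumptions made for illustration; a real check would use a full dictionary.

```python
import string

# Constructed stand-in for a real dictionary or common-password list.
COMMON_WORDS = {"password", "welcome", "explorer", "wordpress", "letmein"}

def phrase_to_password(phrase):
    """First letter of each word; words that contain a digit are kept whole."""
    parts = []
    for word in phrase.split():
        token = word.strip(string.punctuation)
        if not token:
            continue
        parts.append(token if any(c.isdigit() for c in token) else token[0])
    return "".join(parts)

def check_password(password):
    """Return the list of tips from the checklist that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    # Strip leading/trailing digits and symbols so "Password1!" is still
    # recognised as the dictionary word "password".
    core = password.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        problems.append("based on a dictionary word")
    return problems

if __name__ == "__main__":
    sample = phrase_to_password(
        "My wife, Eden drives a 2012 Ford Explorer with a V8 engine")
    print(sample, check_password(sample))
    print("Password1!", check_password("Password1!"))
```

Run on the article's sample, MwEda2012FEwaV8e, it reports only a missing symbol; appending one clears every check.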
4. Never use the default username, “admin” – “admin” is the default username for WordPress website installations. Many people make the mistake of not changing this post-set-up. But, if a “Brute Force” hacker accesses your login page and you’re still using “admin” as your username (an easy guess), then all they have left to do is noodle on your password. Make their job twice as hard by coming up with a unique username that will also be difficult for them to guess.
5. Back up your website regularly – You should take great care to back up your WordPress site regularly (weekly or monthly, depending upon how regularly you add new content). Technically, you need to back up both your website AND your database. At Web.com, we do this for our customers nightly to provide them the highest levels of security and peace of mind. If you’re not a Web.com customer, you’ll want to ask your webmaster to do this for you, or plan to do it yourself. There are automatic WordPress backup plugins available that can simplify this task, but you should also endeavor to back up your automated back-ups manually every so often, to ensure they are working. WordPress also recommends keeping a couple of different copies of your back-ups in different places (e.g. hard drive, DVD, thumb drive), in the event that one is corrupted.
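One way to confirm that back-ups "are working", added here as an example and not part of the original article: the script checks that each copy holds both a readable site archive and a database dump, and that copies kept in different places still match. The file names `site-files.tar.gz` and `database.sql`, the folder names and the function names are assumptions; the sample backup is constructed.

```python
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path

# Assumed file names for one backup copy; adjust to what your backup tool writes.
ARCHIVE, DUMP = "site-files.tar.gz", "database.sql"

def check_copy(folder):
    """Return the problems found in one backup copy (site files + database)."""
    folder, problems = Path(folder), []
    try:
        with tarfile.open(folder / ARCHIVE) as tar:
            if not any(n.endswith("wp-config.php") for n in tar.getnames()):
                problems.append("archive has no wp-config.php")
    except (OSError, EOFError, tarfile.TarError):
        problems.append("site archive missing or unreadable")
    dump = folder / DUMP
    if not dump.is_file():
        problems.append("database dump missing")
    elif "CREATE TABLE" not in dump.read_text(errors="replace"):
        problems.append("database dump has no CREATE TABLE statements")
    return problems

def check_backup_set(folders):
    """Check every copy, then confirm the copies match byte for byte."""
    report = {str(f): check_copy(f) for f in folders}
    for name in (ARCHIVE, DUMP):
        files = [Path(f) / name for f in folders if (Path(f) / name).is_file()]
        digests = {hashlib.sha256(p.read_bytes()).hexdigest() for p in files}
        if len(digests) > 1:
            report[f"mismatch:{name}"] = ["copies differ between locations"]
    return report

def make_sample_copy(folder):
    """Write a small constructed backup so the example runs offline."""
    folder = Path(folder)
    folder.mkdir(parents=True, exist_ok=True)
    data = b"<?php // constructed sample\n"
    info = tarfile.TarInfo("public_html/wp-config.php")
    info.size = len(data)
    with tarfile.open(folder / ARCHIVE, "w:gz") as tar:
        tar.addfile(info, io.BytesIO(data))
    (folder / DUMP).write_text("CREATE TABLE wp_posts (ID bigint);\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_sample_copy(Path(root) / "hard_drive")
        print(check_backup_set([Path(root) / "hard_drive", Path(root) / "thumb_drive"]))
```

A passing report only shows the files are present, readable and identical across locations; restoring a copy to a test site remains the full check.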
Tim is Director of Social Media at Web.com. A deeply experienced integrated marketing professional, former creative director and writer who operated his own full-service marketing, branding, public relations and design firm for 15 years, Tim provides a wealth of experience in nearly every area of marketing communications encompassing both new and traditional media.