WordPress Security: 10 Steps to Stop Your Site Getting Hacked

In terms of security, an up-to-date WordPress site is fairly robust, but because WordPress is so popular, there are plenty of people out there looking to exploit any weakness in security. Before you know it, your site could be full of links to Viagra and dodgy pharmaceutical products, or worse. So what can you do to make your site more secure? Here’s a non-technical list of 10 things you can do.

1. Use a security plugin. There are two good free plugins available – Better WP Security and WordFence. Once activated, your site is immediately more secure, but the settings provide further enhancements which do not take very long to set up.

2. Don’t use admin as your user name – it gives half the game away! And ensure strong passwords – non-dictionary, with numbers and characters. This can help protect you against ‘brute force attacks’, which aim to gain access to a site by trying passwords and usernames over and over again.

3. Don’t use WP as your database table prefix – create a unique one. Better WP Security can safely change this for you. It can also assist in changing your .htaccess file and custom admin URL if you’re a little tech/WordPress savvy. Changing any of these default WordPress settings will help harden your site.

4. Don’t choose themes and plugins that are not up-to-date or updated regularly. If your theme or a plugin is not being updated or its last update was some time ago, it’s probably best to avoid it, even if it seems to be exactly what you want.

5. Only use themes and plugins that are in the official WP repositories for plugins and themes, or buy them from reliable sources such as ThemeForest and CodeCanyon. Free themes from disreputable sources are one way your site may end up with those Viagra spam links. Check reviews too.

6. Keep Everything Up-to-Date – that’s WordPress, your plugins and themes. An out-of-date site is much more vulnerable.

7. Use Theme Authenticity Checker (TAC), a plugin that checks a theme for malicious code – useful to check any theme you may have doubts about or to just make sure.

8. Use an online virus checker, such as the free virustotal.com, to check theme and plugin files.

9. Use the Limit Login Attempts plugin to stop repeated login attempts.

10. Check your site for malware – use Sucuri’s free online Website Malware Scanner or try their plugin, Sucuri Security – SiteCheck Malware Scanner, which also provides further options to harden your site.

If you use Better WP Security or WordFence, you’ll find that both these plugins will help you to do a lot of these things, so make one of them your starting point. And, whilst this may help, it’s best never to be too complacent – make sure you back up your site regularly with a plugin such as WordPress Backup to Dropbox or BackUpWordPress, and it’s also a good idea to do this before you start making security changes to your site.

There’s a lot more you can do if you have a bit more know-how or have the money. See Hardening WordPress on the main WordPress website for more advice and take a look at premium services such as the full website monitoring and clean up package offered (at a price) by Sucuri.

Here’s to a safe and secure site.

