WordPress has become a very popular system for designing websites - and for good reason. It lets you create a professional-looking website with terrific functionality and options. However, the more popular a system is, the more likely it is to be targeted by hackers. Here's what you need to know about WordPress Website Security.
WordPress is open source, which makes it even more vulnerable - but only if the site owner fails to take some fairly simple precautions.
WordPress Website Security
Here are some tips to help you keep your WordPress website from being hijacked.
1. Follow normal password best practices for the admin-level login.
Use a strong password that you don't use on any other site and change it frequently. Passphrases are even better. Use a different username and password for the FTP access (required to install plugins and updates). Avoid storing the username and password in the browser, especially with laptops.
2. Don't use "admin" for the admin username.
Also don't use your name, your company's name - use something you can easily remember but that a hacker will find hard to guess.
3. Lockdown wp-login.php
This is the page that is loaded when you log in as admin. You can add it to .htaccess in the WordPress admin folder so that only allowed IPs can even load it. Some people also like to change the URL so that hackers don't know what it is.
4. Limit the number of people with admin panel access to those who need it.
One of the nice things about WordPress is that you can have multiple people post updates - but that also means that there's risk of a disgruntled soon-to-be-ex employee vandalizing the site. Also, educate anyone with access on basic security. Consider using Force Strong Passwords or a similar plugin to ensure good passwords are used.
5. Use SSL.
Most hosting companies will hook you up with an SSL certificate. This not only improves the security of your WordPress site but it's Google ranking as well.
6. Security Plugins
Apply a plugin such as Wordfence or iThemes Security to alert you to changes to any files on the website. This is also particularly useful if you have multiple users as it will not only tell you if somebody hacks in but help you keep track of who's changing what.
7. Change the WordPress database table prefix.
If that seems a little bit Greek to you, then it's a prefix that WordPress attaches to the database files. It can be changed on install or later with a plug-in. If your hosting company is doing the install, talk to them about changing to a custom prefix. This reduces the risk of database attacks.
8. Update WordPress and plugins regularly.
You can do it from the admin dashboard as long as you have the FTP login credentials (make sure to use the right ones - your admin username and password will not work).
9. Take regular backups of your site.
Your hosting company may do this for you, but it is worth taking a snapshot yourself, especially if you are about to do something which might mess with the database. Having a recent backup means that if the worst happens and somebody puts porn on half of your pages you can quickly restore the site to its former state.
WordPress is one of the best ways to run a modern website that looks good and works smoothly - but its very popularity and the open source nature of its scripts makes it more vulnerable. Remember to take simple WordPress security precautions to protect your site and your business' reputation.
If you are looking for a web design company that can help you put together a secure - and beautiful - WordPress site then contact Pixel Fish today.
Check out what Pixel Fish provide their clients: