Above all else, the security of your website should be of paramount importance. After all, if a hacker should ever gain access to your website, you might lose data or access to it. A strong password alone is no longer enough to secure a website, especially one that uses the open WordPress platform. With this in mind, here are some quick-fire tips to help those with a WordPress website make it as secure as possible.
- Don’t have the administrator username as admin – This is the first username hackers try to use to log in through brute force (trial and error for the password).
- Use long unique passwords – People with multiple logins connected to a website (such as Twitter, Instagram and more) tend to reuse the same password to make life easier. However, if any one of those passwords is hacked, there is a strong chance your website will be hacked too. Make sure your passwords are unique and long, with a mix of characters (numbers, letters and special characters).
- Don’t store your passwords on your computer – With long unique passwords, you may feel the need to store them locally or on an online drive as a text file so you do not lose them – bad idea! It is never good to store a password.
- Use a security plugin – There are many security plugins out there that will help to reduce the chance of your website being hacked. The one I would go for is WordFence, since it provides real-time security defense for your website and notifies you by email when something suspicious happens.
- Use 2-factor login authentication – This means that, to log in, you will need to have something, such as a smartphone, to provide a second authentication. This can completely stop brute-force logins from happening.
- Disable directory browsing – By default, WordPress websites allow anyone to browse the directory, showing important information such as the plugins and themes that are used on the website. It is much better to keep this information hidden from the public.
- Disable wp-uploads – One way hackers can get into a website is by uploading PHP files using wp-uploads. The uploaded code is then run on your WordPress site, giving the hacker access. The vast majority of WordPress websites do not need to use wp-uploads, so it is better to disable it to prevent such occurrences from happening.
- Keep everything up to date – Although many updates to themes, plugins and WordPress itself provide better functionality, some of them contain security patches. If you do not continually make sure everything is up to date, your website may be left with an unfixed security flaw for hackers to exploit.
- Only download plugins from well-known sources – Since WordPress is an open platform, you can download plugins from anywhere on the internet to use on the platform. This makes it a perfect opportunity for hackers to build a plugin with ‘secretive’ functionality hidden inside it. For this reason, always make sure the plugins you download and install are from reputable sources.
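
The directory browsing and upload tips above can be checked on the server itself. The following is an added example, not code from the original post: a read-only audit that assumes an Apache-style `.htaccess` in the site root and the default `wp-content/uploads` folder. The function names, the suffix list and the sample tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Suffixes a PHP-enabled web server may execute (assumed list; adjust to your server).
PHP_SUFFIXES = {".php", ".php5", ".php7", ".phtml", ".phar"}


def indexes_disabled(htaccess: Path) -> bool:
    """True if the last Options line naming Indexes turns directory listings off."""
    disabled = False  # simplified: only explicit Indexes flags in this one file count
    if not htaccess.is_file():
        return disabled
    for line in htaccess.read_text(errors="replace").splitlines():
        tokens = line.split()
        if not tokens or tokens[0].lower() != "options":
            continue  # skips blank lines, comments and other directives
        flags = {t.lower() for t in tokens[1:]}
        if "-indexes" in flags:
            disabled = True
        elif flags & {"indexes", "+indexes"}:
            disabled = False
    return disabled


def php_in_uploads(wp_root: Path) -> list[str]:
    """Files under wp-content/uploads with a PHP suffix anywhere in the name."""
    uploads = wp_root / "wp-content" / "uploads"
    if not uploads.is_dir():
        return []
    hits = [p.relative_to(wp_root).as_posix() for p in uploads.rglob("*")
            if p.is_file() and PHP_SUFFIXES & {s.lower() for s in p.suffixes}]
    return sorted(hits)


def audit(wp_root: Path) -> dict:
    return {"indexes_disabled": indexes_disabled(wp_root / ".htaccess"),
            "php_in_uploads": php_in_uploads(wp_root)}


def build_sample_site(root: Path) -> Path:
    """Constructed sample tree (not a real site) to exercise the audit."""
    up = root / "wp-content" / "uploads" / "2024" / "01"
    up.mkdir(parents=True)
    (up / "logo.png").write_bytes(b"\x89PNG")
    (up / "gallery.PHP").write_text("constructed placeholder")
    (up / "banner.php.jpg").write_text("constructed placeholder")
    (root / ".htaccess").write_text("# BEGIN WordPress\nOptions -Indexes\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample_site(Path(tmp))))
```

Any path reported under `php_in_uploads` deserves a manual look, since media folders normally hold only images and documents.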