Conceptual Creative

Simple Guide For WordPress Security

Your WordPress security is critical when it comes to protecting your website investment. Welcome to our simple guide on WordPress security that you can perform yourself with very little assistance.

With over 100,000 websites being hacked every day, it is more important than ever to make your website security a priority. The following steps and tips will help you put some best-practice security in place for your WordPress website.

Secure WordPress Hosting

Choosing a good quality, secure hosting provider is the first and most important step in securing your website. Security starts at the server level, and by using good quality, reliable hosting (yes, it won’t be the cheap kind) your business website will have the best head start to being secure. Good quality hosting will help protect you from things such as malware, phishing and DDoS-style attacks.

It is important to choose hosts based on functionality, features and support and ignore the overwhelming need to go with something cheap just to save a dollar or two. In a previous article this month we covered in more detail how to choose the right website hosting for your business. 

Use The Latest PHP Version

WordPress is a platform built using PHP as its core. Each new version of PHP comes with improved security, patches and fixes. By updating your hosting server, or choosing a host that uses the latest PHP version, you are effectively putting another layer of security into the mix.

Many website owners who choose cheaper hosting options often don’t realise that many of those hosts are still using a much older PHP version such as PHP 5.6 as opposed to the current version of PHP 7.3 or newer. Over 78% of all websites globally are using out of date or no longer supported versions of PHP.

Use Better Usernames & Passwords

It might seem like common sense, but with a huge percentage of WordPress website hacks being caused by poor username or password selection, this is important. According to a study performed in 2018 by SplashData, the most commonly used password is “123456”, followed closely in 2nd place by “password”.

Make sure you choose a good, strong password that contains a mix of upper and lower case characters, numbers and symbols. A good password should be at least 8 characters in length and contain at least one upper case letter, one lower case letter, one number and one symbol.

Just as choosing a poor password opens you up to attack, so does using a common username such as “admin”, “test” or “administrator”. Make sure that your username is unique, and why not use a similar method to creating a password when it comes to creating your username?

Always Use The Latest Versions of WordPress, Plugins and Themes.

We mention and harp on this a lot, but you really need to make sure that your WordPress core, your plugins, and your themes are kept up to date at all times. We recommend updating these items at least once a week, and if you do not have time to do this yourself, then pay someone else to do it for you.

Change Your WordPress Admin URL

One of the simplest ways to secure your WordPress website is to secure your login by changing the admin URL. There is a wide range of plugins available to help you change your login URL. By default the WordPress login URL is yourwebsite.com.au/wp-admin

Because this login URL is a default address, it is common for hackers and bots to look for it. Whilst you may think changing that URL will only slow them down, in reality most scripts simply skip over your site if they don’t find the login page at that address.
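To see how much automated traffic is reaching the default login page, you can count failed login attempts per visitor address in the server access log. The following is an added example, not part of the original article: the log lines are constructed, the threshold of 3 is illustrative, and it assumes a stock WordPress login page that answers a wrong password with status 200 and a successful login with a 302 redirect.

```python
import re
from collections import Counter

# Constructed access-log lines in the common "combined" format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Jul/2020:10:00:01 +1000] "GET /wp-login.php HTTP/1.1" 200 4521 "-" "bot/1.0"
203.0.113.7 - - [12/Jul/2020:10:00:02 +1000] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "bot/1.0"
203.0.113.7 - - [12/Jul/2020:10:00:03 +1000] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "bot/1.0"
203.0.113.7 - - [12/Jul/2020:10:00:04 +1000] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "bot/1.0"
203.0.113.7 - - [12/Jul/2020:10:00:05 +1000] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "bot/1.0"
198.51.100.23 - - [12/Jul/2020:10:05:10 +1000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Jul/2020:10:05:20 +1000] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Jul/2020:10:05:31 +1000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Jul/2020:10:06:00 +1000] "GET /contact/ HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
'''

# client IP, two ignored fields, [timestamp], "METHOD target protocol", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')
LOGIN_PATH = "/wp-login.php"  # form handler behind the default /wp-admin login


def failed_logins(log_text):
    """Count failed-looking login POSTs per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        # Assumption: a wrong password re-displays the form (200), while a
        # successful login is answered with a redirect (302).
        if method == "POST" and path == LOGIN_PATH and status == "200":
            counts[ip] += 1
    return counts


def flag_bruteforce(log_text, threshold=3):
    """Return the IPs with at least `threshold` failed login POSTs."""
    counts = failed_logins(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(flag_bruteforce(SAMPLE_LOG))
```

Addresses flagged this way are candidates for the IP banning feature of the security plugins covered later in this guide.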

Two-Factor Authentication

By adding a two-factor authentication option to your login you can easily add yet another layer of security to your website. This type of authentication means that to log into your website you will need a username, a password and typically a code generated by a third party app on your phone or sent via email.

This effectively means that to log in you will need to have your phone or email access to complete the login process. This makes it much harder for a hacker to use a brute force attack on your website, because the hacker would also need access to your phone or email in order to log in. There are many options for this, and a simple search for two factor authentication on the WordPress repository will provide options.

Purchase an SSL Certificate

Make sure that your website incorporates an SSL certificate in order to protect all data transmitted between the website and the browser. This will help to protect your clients’ data as they input it on the site. It will help with SEO, as Google and other search engines now frown upon insecure sites, and it builds trust and credibility.

Most website hosts now provide free SSL certificates as part of your hosting plan, however we do recommend that you look at purchasing your own premium SSL certificate. Whilst the free certificate is adequate for most website types, a premium SSL certificate is critical if your site is mission critical or contains eCommerce or any other type of money collection, including eLearning and membership systems. Premium certificates provide far better coverage and trust than a free certificate.

Use WordPress Security Plugins

One of the best ways to secure your website is to use a security plugin to help secure the site actively. Two of the best plugins are Sucuri Security and Wordfence Security, both of which are freely available in the WordPress Repository. These types of plugins will help you to perform tasks on your website such as:

  • Generate or force secure password use
  • Expire passwords and force regular password changes
  • Log user activities allowing you to see who is doing what behind the scenes
  • Malware Scanning
  • WordPress Firewalls
  • IP Banning and Whitelisting
  • Website Monitoring
  • Malicious Attack Blocking

Always Backup Your Website

By backing up your website regularly you are protecting your investment in more ways than one. Firstly, you’re creating a way to recover your site should something go wrong with an update or content change. Next, you’re protecting your site by having a restoration point should a hacker succeed in breaking into your site.

There are many backup plugins for WordPress, including Duplicator and UpdraftPlus, both of which have free versions available on the WordPress repository. We recommend that you back up at least weekly, however daily backups should be taken wherever possible. We also suggest storing your backups away from your website, either in cloud storage or another storage environment. Where possible, make sure your backup is kept secure by using password protection on the storage.

Conclusion

This article is in no way a complete guide, because there are so many different methods of applying security to your website. If you are looking for a more in-depth article we suggest dropping by https://kinsta.com/blog/wordpress-security/ as that article is quite in depth and a great starting place for learning more.

In most cases your website developer should have already performed many of these tasks when they set up your website. If securing your site is something that you’re not comfortable doing yourself, then we recommend employing a website designer or developer to complete it for you.

©2020 Conceptual Creative Pty Ltd, All rights reserved.