Simple Guide For WordPress Security in 2020

In other articles this month we have been discussing the theme of website and particularly WordPress security. In this final article for the month of February 2020 we are going to give you some simple step by step ways to better secure your WordPress website.

With over 100,000 websites being hacked everyday it is more important than ever to make sure your website security is a priority. The following steps and tips will help you to move forward with some best practice security for your WordPress website.

network server room
Choosing secure website hosting will make all the difference

Secure WordPress Hosting

Making sure you choose a good quality and secure hosting provider is the first most important step in securing your website. Security starts at the server level and by using good quality reliable hosting (yes it won’t be the cheap kind) your business website will have the best head start to being secure. Good quality hosting will help you to be protected from things such as Malware, Phishing and DDoS style attacks.

It is important to choose hosts based on functionality, features and support and ignore the overwhelming need to go with something cheap just to save a dollar or two. In a previous article this month we covered in more detail how to choose the right website hosting for your business. Feel free to visit our blog https://conceptualcreative.com.au/wordpress-website-design-blog/ to learn more about this.

Use The Latest PHP Version

WordPress is a platform built using PHP as its core. Each new version of PHP comes complete with improved security and patches and fixes. By updating your hosting server or choosing a host that uses the latest PHP version then you are effectively putting another layer of security into the mix. 

Many website owners who choose cheaper hosting options often don’t realise that many of those hosts are still using a much older PHP version such as PHP 5.6 as opposed to the current version of PHP 7.3 or newer. Over 78% of all websites globally are using out of date or no longer supported versions of PHP.

Use Better Usernames & Passwords

It might seem common sense but with a huge percentage of WordPress website hacks being caused by poor username or password selection this is important. According to a study performed in 2018 by Splash Data the most commonly used password is “123456” followed closely in 2nd place by “password”.

Make sure you choose a good strong password that contains a mix of upper and lower case characters, numbers and symbols. A good password should be at least 8 characters in length contain at least one upper case letter, one lower case letter, one number and one symbol.

Just like choosing a poor password opens you up to attack so does using a common username such as “admin”, “test” and “administrator”. Make sure that your username is unique and why note use a similar method to creating a password when it comes to creating your username.

Password. Computer security or safety concept. Laptop keyboard w
Choosing the right password or username is half the security struggle

Always Use The Latest Versions of WordPress, Plugins and Themes.

We mention and harp on this a lot but you really need to make sure that your WordPress core, your plugins, and your themes are kept up to date at all times. We recommend looking at updating these items at least once a week and if you do not have time to do this yourself then pay someone else to do it for you.

We have written quite a good and easy to follow guide for this here https://conceptualcreative.com.au/wordpress-website-maintenance-tasks/ and we encourage you to get started on your website updates as soon as possible. 

Change Your WordPress Admin URL

One of the simplest ways you can work to secure your WordPress website is to secure your login by changing the admin URL. There are a wide range of plugins available to help you change your login URL. By default the WordPress login URL is yourwebsite.com.au/wp-admin

Because this login URL is a default address it is common for hackers and bots to look for it. Whilst you may think changing that URL may only slow them down in actual reality most scripts simply skip over your site if they don’t find the login page at that address.

Two-Factor Authentication

By adding a 2 factor authentication option to your login you can easily add yet another layer of security to your website. This type of authentication means that to log into your website you will need a username, a password and typically a code generated by a third party app on your phone or via email.

This effectively means to log in your will need to have your phone or email access to complete the login process. This makes it much harder for a hacker to utilise a brute force attack on your website. This is all due to the hacker also needing access to your phone or email in order to log in. There are many options for this and a simple search for two factor authentication on the WordPress repository will provide options.

Fingerprint authentication
Businessman placing finger on his smartphone to get access to websites

Purchase an SSL Certificate

Make sure that your website incorporates and SSL certificate in order to protect all data transmitted to and from the website to the browser. This will help to protect your clients data as they input it on the site, It will help with SEO as Google and other search engines now frown upon insecure sites, and it builds Trust and Credibility.

Most website hosts now provide free SSL certificates as part of your hosting plan however we do recommend that you look at purchasing your own premium SSL certificate. Whilst the free certificate is adequate for most website types a premium SSL certificate is critical if your site is mission critical or contains eCommerce or any other type of money collection including eLearning and membership systems. Premium certificates provide far better coverage and trust then a free certificate.

Use WordPress Security Plugins

One of the best ways to secure your website is to use a security plugin to help secure the site actively. Two of the best plugins are Sucuri Security and WordFence Security both of which are freely available in the WordPress Repository. These types of plugins will help you to perform tasks on your website such as:

  • Generate or force secure password use
  • Expire passwords and force regular password changes
  • Log user activities allowing you to see who is doing what behind the scenes
  • Malware Scanning
  • WordPress Firewalls
  • IP Banning and Whitelisting
  • Website Monitoring
  • Malicious Attack Blocking

Always Backup Your Website

By backing up your website regularly you are protecting your investment in more ways than one. Firstly you’re creating a way to recover your site should something go wrong with an update or content change. Next you’re protecting your site by having a restoration point should a hacker succeed in breaking into your site.

There are many backup plugins for WordPress including Duplicator and Updraft Plus both of which have free versions available on the WordPress repository. We recommend that you backup at the least weekly however daily backups should be taken wherever possible. We also suggest storing your backups away from your website either in a cloud storage or other storage environment. Where possible make sure your backup is kept secure by using password protection on the storage.

Man using his mobile phone
Man using his mobile phone to perform a cloud backup

Conclusion

This article is in know way a complete guide because there are literally so many different methods of applying security to your website. If you are looking for a more in depth article we suggest dropping by https://kinsta.com/blog/wordpress-security/ as this article is quite in depth and a great starting place for learning more.

In most cases your website developer should have already performed much of these tasks when they set up your website. If securing your site is something that your not comfortable doing yourself then we recommend employing a website designer or developer to complete it for you.

Martin Mills

I have been working in the website design and development space for over 20 years. During that time I have worked with a diverse range of business owners. With experience building websites for hospitality, manufacturing, health and wellbeing and many other industries.

Conceptual Creative is my business and my aim is to provide quality services, exceptional customer service and user experience to rival any. To deliver on my promise I aim to provide quality education and training to go with our website services. You don't have to be our client to learn from myself and my team.

If you find my content and articles helpful please share them with your network on social media or via email. Do you need assistance with a particular item or issue? We are here to help you.

How can I help you today?

Leave a Comment