How to Keep Your WordPress Site More Secure

Cybercrime is part of the daily reality for any site owner. Hackers create malicious automated bots that continually seek ways to access sites so they can hijack your servers to run programs (cryptocurrency mining etc.), steal your customer data (and no, they don’t care if you don’t have any data; they’ll try anyway), or take over your site to run dodgy ads.

Keep Your WordPress, Themes + Plugins Up-to-date

It’s critical to keep your core WordPress files and all of your plugins updated to their latest versions. Most of these updates contain security patches that address recently discovered issues. Cybercriminals spend all their time looking for loopholes, so you should spend some time plugging them!

Usernames + Passwords

This is simple stuff, but I can see from all the accounts I manage that hackers do continuously try to access sites using the default username “admin”. Never keep this as a username on your WordPress site because it’s like leaving your door unlocked! The same goes for passwords: use a strong one, not “123456”! You could use a whole sentence or try the G-rated Dinopass Strong Password generator.

Use a Good Host

Having a host that is optimized for WordPress is going to help you a lot in fending off basic attacks. I use SiteGround, which provides a lot of built-in security, offers a free SSL certificate and CDN, and has a server in Singapore. Even without security software I saw a dramatic reduction in approaches. WPEngine is another good choice and has a server in Taiwan.

Install a Security Plugin

I use Wordfence, which specializes in protecting WordPress websites. It will help you monitor activity like failed logins, code injections, out-of-date plugins and blocked IPs. They have an endpoint firewall and malware scanner that keeps many of the nasties away.

Incident Response Preparation

Even perfectly responsible site owners who follow every security guideline in the book need to prepare for the possibility of a critical security incident.

Log Your Website Events

After you’ve been hacked you’ll probably be asking, “Who did this?!” What will help an investigator figure that out is your server access logs. Make sure your host is set to save those. How long should you save them? It really depends on how actively you monitor your site and what your industry/regional requirements are (get legal advice). I have mine set to save a month’s worth because I actively monitor my site and it’s unlikely that something would go unnoticed for longer than that.

These logs provide a dataset that can be used to establish a timeline of events leading up to and during an attack. By identifying the activity taking place and its source, it can be possible to determine the scope of the compromise. That intelligence is how you can know whether an attacker had access to your users’ data or if you simply fell victim to a defacement campaign. Being able to confidently disclose these details to your users can be crucial in dampening the impact to your business’s reputation following an attack.
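
As an added example (not part of the original article), here is one way to turn saved access logs into a per-source timeline. It assumes your host writes the Apache/Nginx "combined" log format and uses the heuristic that WordPress answers a failed login with 200 and a successful one with a 302 redirect; the function names are hypothetical and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: the host writes Apache/Nginx "combined" format access logs.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = '''\
198.51.100.23 - - [04/Mar/2024:09:15:02 +0800] "GET /blog/ HTTP/1.1" 200 18211 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Mar/2024:03:12:40 +0800] "POST /wp-login.php HTTP/1.1" 200 4310 "-" "python-requests/2.31"
203.0.113.7 - - [04/Mar/2024:03:12:41 +0800] "POST /wp-login.php HTTP/1.1" 200 4310 "-" "python-requests/2.31"
203.0.113.7 - - [04/Mar/2024:03:12:43 +0800] "POST /wp-login.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.7 - - [04/Mar/2024:03:13:05 +0800] "GET /wp-admin/users.php HTTP/1.1" 200 9120 "-" "python-requests/2.31"
this line is truncated and must be skipped
'''

def parse(text):
    """Return events sorted by time; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append((ts, m["ip"], m["method"], m["path"], int(m["status"])))
    return sorted(events)

def summarize(events):
    """Per source IP: failed logins, first successful login, admin pages hit after it."""
    out = defaultdict(lambda: {"failed": 0, "first_login": None, "admin_after": []})
    for ts, ip, method, path, status in events:
        s = out[ip]
        if method == "POST" and path.startswith("/wp-login.php"):
            # Heuristic: 200 = login form shown again (failure), 302 = redirect (success).
            if status == 302 and s["first_login"] is None:
                s["first_login"] = ts
            elif status == 200:
                s["failed"] += 1
        elif path.startswith("/wp-admin/") and s["first_login"]:
            s["admin_after"].append(path)  # scope: what was touched after login
    return dict(out)

if __name__ == "__main__":
    for ip, s in summarize(parse(SAMPLE_LOG)).items():
        print(ip, s["failed"], s["first_login"], s["admin_after"])
```

A source that shows failed logins followed by a successful one and then admin page requests is where an investigator would start scoping what the attacker could reach.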

Make Backups of Your Site

While your host may keep a backup or two, it’s imperative that you keep a number of backups of your entire site (files and database) in a location that isn’t connected to your site. Sometimes an attack may have started a while ago without visible effects, so you may need to roll back to a previous version.

Know Who Needs to Do What

Who is the person or team in charge of responding to security incidents?
Which other parties need to be involved in which situations?
What defines success in your response?
Are there any mandatory steps that legally need to be taken?

Taura Edgar

I am a digital marketing professional based in Hong Kong since 1998. I have developed and led digital teams to grow brands and have a wide background in strategy, conception, art direction and production for digital projects.
