WordPress is a popular platform for a lot of people to launch a new website. The increasing number of users also increases the number of potential threats, because it draws the attention of hackers.
Regardless of how much effort, sweat and tears you’ve put into your new project, it can always fall victim to a hack. You might consider your website too small or unimportant, but hackers don’t necessarily look at the size of a website. It can be used in a botnet or other type of hack.
Many threats can be avoided rather well, simply by keeping your site’s privacy and security in check. Therefore, I’ve written an article on how to keep your WordPress site secure.
Let’s get to it.
1. WordPress Updates
WordPress continuously improves its security defenses, and you get those improvements by updating your WordPress platform. They come from customer complaints, bug fixes or simply recommendations from the security team. In addition, hackers often exploit systems and devices through a particular vulnerability. When the vulnerability is discovered, WordPress immediately releases an update to fix the bug.
If you don’t update your WordPress theme, you’ll be vulnerable to the threats listed above.
It’s rather easy to update your WordPress, because every time you log in to your site’s dashboard, you’ll be notified if any new updates are available. You can also change your site’s settings to automatically download and install new theme updates.
2. Website Backups
It’s beneficial to have backups of your website, so whenever you’re hit by an attack, you can fall back to a recent backup in order to restore your website.
You’ve got 3 options to create backups.
- Create backups using a plugin
- Create backups through the cPanel of your web host provider
- Create a manual backup in a cloud storage – for the tech savvy!
For the last option, download a copy of the “wp-content” directory and the “wp-config.php” file. Next, store both in a secure environment in the cloud.
3. Theme Updates
In addition to always updating WordPress, preferably through automatic updates, I highly recommend enabling automatic updates for your theme as well.
In case you’ve updated your WordPress but you didn’t update your theme, your website is still vulnerable to hackers.
4. Plugin Updates
As with most online software products, the security defenses of most plugins are tested from time to time, especially if it’s a popular plugin that lacks regular updates.
A lot of WordPress websites are compromised because they didn’t update old plugins or users didn’t delete old and inactive plugins.
Even if a plugin is inactive, it doesn’t mean you’re not vulnerable to threats through the holes in that particular plugin.
So, always update your plugins. And delete all the plugins you’re not using anymore.
Extra tip: install a security plugin such as Defender or Shield Security for an extra layer of protection.
5. SSL Certificate
An SSL (Secure Sockets Layer) certificate provides complete encryption of all the communication between your website and its visitors. You can easily identify whether a website is secured by an SSL certificate from the green padlock and “https.”
Important note: I highly recommend implementing sitewide SSL protection and not just for one particular page, because pages outside the SSL infrastructure would still be vulnerable and the data would be easily interceptable.
Most hosting providers offer SSL certificates. If not, you can buy SSL protection from a third-party provider such as SSL Comodo or DigiCert.
6. Secure Your Site’s “wp-config.php”
The wp-config.php file is one of the most important files of any WordPress website. It stores all the important data of your entire site, such as the database, hostname, and all the login details. Without this file, your website won’t be able to run.
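The first thing you want to do is limit unauthorized access to your wp-config.php file. You can do this by adding the following code to your “.htaccess” file. The rule must be scoped to wp-config.php, because a bare “deny from all” line would block access to the whole site.
<Files wp-config.php>
deny from all
</Files>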
Then, change the file’s permissions, so only your website has the authorization to access it. You can adjust this in the cPanel settings. If not, contact your hosting provider for technical support.
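Both steps above as one idempotent shell script (an added example, not part of the original article): it appends a deny rule scoped to wp-config.php to the site's .htaccess and restricts the file's mode. The function names, the marker comment and mode 600 are assumptions; the right mode depends on which user your web server runs as, and .htaccess rules only apply on Apache hosts that allow overrides.

```shell
#!/bin/sh
# Added example: scope the deny rule to wp-config.php and tighten its mode.
# Function names, the marker text and mode 600 are assumptions for illustration.

HTACCESS_MARK="# BEGIN protect wp-config (added example)"

# Print the Apache block. The <Files> wrapper matters: a bare
# "deny from all" in .htaccess would block the entire directory.
wp_config_rule() {
    cat <<'EOF'
# BEGIN protect wp-config (added example)
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
# END protect wp-config (added example)
EOF
}

# harden_wp_config DIR: append the rule once and restrict the file mode.
harden_wp_config() {
    root=$1
    [ -f "$root/wp-config.php" ] || { echo "no wp-config.php in $root" >&2; return 1; }
    touch "$root/.htaccess"
    if ! grep -qF "$HTACCESS_MARK" "$root/.htaccess"; then
        # Keep the block on its own line if the file lacks a trailing newline.
        [ -s "$root/.htaccess" ] && [ -n "$(tail -c 1 "$root/.htaccess")" ] && echo >> "$root/.htaccess"
        wp_config_rule >> "$root/.htaccess"
    fi
    # Owner read/write only; use 640 if the web server runs as a group member.
    chmod 600 "$root/wp-config.php"
}

# wp_config_mode DIR: print the octal mode (GNU stat first, then BSD stat).
wp_config_mode() {
    stat -c '%a' "$1/wp-config.php" 2>/dev/null || stat -f '%Lp' "$1/wp-config.php"
}

# Usage: harden_wp_config /path/to/wordpress && wp_config_mode /path/to/wordpress
```

After running it, request `https://your-site.example/wp-config.php` in a browser; a 403 response confirms the rule is active.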
7. Firewall & Antivirus Scanner
Aside from installing a firewall and antivirus software on your PC or laptop, you should also enable these protection measures on your WordPress website.
This type of protection will shield your site from malicious threats such as viruses, malware, hackers, bots – and so on. Wordfence Security is a great solution.
Wordfence will not only shield your site, but also regularly scan your entire website for malicious software. If a threat has been identified, the tool will remove it immediately.
Your site’s security and privacy will be well-protected by following the above-mentioned steps!
Bill here from PixelPrivacy.com. My blog is all about making the world of online security accessible to everyone. I pride myself in writing guides that I’m certain even my own mom could read! Be sure to head over to my blog if you’re interested in keeping your private information just that: Private!