If you are serious about your website, then you need to pay attention to the WordPress security best practices.
I have created a list of 8 quicks actionable steps that you can take to protect your website against security vulnerabilities.
- Update WordPress Core, Themes & Plugins
WordPress websites usually get hacked are due to out of date WordPress core, plugins, or themes. Most updates fix bugs, add new features, and secure any vulnerabilities. I understand that you are a busy business owner and that is why I have created monthly ongoing support packages that will keep your website updated without you even needing to think about it.
- Update your password to something strong & secure
Having a strong password for your website is your number one defense system to protect your website against attacks. Be sure to use a random password generator for your next password.
- Delete & rename the default ‘admin’ account
The number one most used username on WordPress is ‘admin’. This is the first username a hacker will try to crack. To keep yourself safe create a new admin account using ‘yourbusinessname_admin” or something similar and delete the old ‘admin’ account.
- Make sure your website has an SSL certificate (HTTPS)
Without having an SSL Certificate installed you are putting your customers at risk of having their data stolen. Don’t know what and SSL is or know if you have one? Get in touch and I’ll help you out.
- Install a security plugin (we recommend WordFence)
It is important that you have a security plugin installed on your WordPress website to protect you against attacks and provide notifications if they suspect anything suspicious on your website. I recommend using WordFence, I use this on my website and all my client’s sites and have never had a problem.
- Delete all unused Themes & Plugins
Hackers use vulnerable unmaintained plugins and themes to attack users’ websites. There is no reason to keep these unused assets so remove these files.
- Use a reliable hosting provider
Website hosting is one of the key components of every successful website. You need a host that patches against common WordPress-related exploits. I provide WordPress hosting that does this, you can learn more here.
- Limit the rate of login attempts
Stop hackers from being able to guess your password over and over until they get it right. Limiting the failed login attempts will lock a user out if they entered the wrong password more than the specified time. Here is a plugin that will help.
If you need help with any of these tasks please send us a message!