Making sure your WordPress site is secure from hackers is important. Being hacked is no laughing matter. It can result in a loss of all your data, the collection of your personal information and that of your customers or followers, and it can put you at risk financially. Let’s look at 5 things you can do to help secure your WordPress site.
#1 Fix Any Malware Issues
Find a way to clean up detected malware issues. It’s common for blog owners to underestimate the cost of being down related to security problems or the time it takes to deal with an issue. Sucuri is a good solution for removing malware.
#2 Choose a Host Provider
If you have your blog on a server that is shared your security risk goes up tenfold. Consider the risk to your blog and then multiply that risk by the number of other sites and blogs on that server. That’s what your risk is. A dedicated server or VPS may be more than you can handle, but another good choice is WordPress hosting that’s managed. It’s certainly worth the cost as you get better security, better support, a faster site and automatic backups.
#3 It’s Time to do Some Site Clean Up
You need to keep your blog nice and tidy. Remove old plugins you aren’t using. Delete themes you no longer use. Host websites that are in development on a different server than websites that are live.
#4 Control Sensitive Data
When you are doing your site clean up, make sure you aren’t leaving behind any sensitive data for the world to be able to gain access to. Check all of your php files, because these are like road maps to your site setup and give a hacker all of the information they need to ‘bust in.’
Don’t keep your backups on the server with your site files. That’s just encouraging a hacker to download them and use them to hack your website. Disable directory browsing to stop a hacker from seeing the blog’s folders.
Be careful when you are using the CPanel file manager and having it save copies of your important files temporarily. You are much better off using secure file transfer protocol.
#5 Don’t Let Your Guard Down
This might seem obvious, but it’s not always practiced. You need to be vigilant about staying on top of everything on your site. This will decrease the risk of being hacked.
These days your WordPress website security is no laughing matter – in fact, you could say it has become downright treacherous as more and more people come to find themselves left with the devastation of a hacker. Rather than being a statistic, now is a good time to take action and do what you can to protect your WordPress site from hackers. Let’s have a look at a few things you can do.
#1 Protect Your wp-config.php
This is an important WordPress file and so you will want to make sure it is protected. You can hide it so it is not available for public view just by putting a few lines of code into your htaccess file.
order allow, deny
deny from all
Add this code and it will stop the wp-config.php file from being visible to public users and makes it harder for hackers and robots to spot.
#2 Never use “admin” to Login
One of the most common mistakes is to leave the default ‘admin’ as your login to your WordPress sight. This needs to be changed right away as this is dangerous and allows hackers an advantage. It’s very dangerous leaving ‘admin’ as your login.
#3 Use SFTP
Most people use FTP to upload their files, but you really should use a Secure FTP connection – SFTP. That way when you send your files they will be encrypted.
#4 Using the Login Lockdown Plugin
Login Lockdown plugin will make sure that you remember your password. Every failed attempt at logging in is registered along with the person’s IP address and it will block the ability to login from different IPs if the login has failed after the set number of attempts, which you control. The default setting is 3 failed logins within 5 minutes per hour. You have the control to remove the blocked IP address from the plugin panel in your WordPress dashboard.
#5 WordPress Backup Plugin
You need to have backups regularly not just now and then when you think about it. UpdraftPlus is a plugin that will do this for you and then it will send your backup to your email address and/or store it on the server. An offsite backup is wise because should your site be hacked it gives you the best chance of getting things up and run quickly.
There are plenty of things you can do to make your WordPress site more secure – these are certainly a good start!