If you have ever had your website hacked, then you would be quick to make sure your blog is extra secure. For the record, I have not had any of my websites hacked (yet), but I have heard plenty of horror stories and would rather not go through what other folks have. It is extra important that you do all that you can to keep your site secure, since WordPress is extremely popular open source software, which makes it even more susceptible to malicious attacks.
Here I will share some quick and easy WordPress security tips to make sure your site is protected from getting hacked.
Make Sure Your Web Host is Secure
Not every web hosting service is secure and, in reality, one of the main ways to get your WordPress website hacked is to have a vulnerable web host (think “free” web hosting services and extremely cheap hosting).
When shopping for your web hosting service, try not to go with the one that is simply the cheapest. Choosing a web host is one of the most important decisions you will make when building your website, so do plenty of research before choosing. My recommendation is GreenGeeks since they are reliable, cheap and give you a free domain name for life, but there are plenty of other great web hosts to choose from.
It is always worth paying a little more to prevent headaches down the road rather than simply purchasing the cheapest service you can find.
Don’t Go Plugin Crazy
I know it can be tempting to install all of the ‘cool’ plugins you can find to improve your website’s functionality. This isn’t a good idea for a variety of reasons: it can slow down your website, it can conflict with your theme or other plugins (thus messing up your blog), and some plugins, especially the free ones, may have buggy code that can be exploited to do serious damage to your WordPress site.
When installing plugins do a bit of research and look at the rating, the last time the plugin was updated (typically you shouldn’t be installing older plugins that haven’t been updated for a long time) and the user reviews to see what other WordPress users are saying.
There is a reason WordPress is always updating. It is open source software and needs to constantly address real or potential areas where it may be vulnerable to malicious attacks. If you choose, for one reason or another, not to update to the latest version of WordPress, you are opening yourself up to a hack.
Hackers love preying on older WordPress versions whose security issues are already known. Don’t let them: update as soon as you see the notification to do so.
Have A Secure Administrative Username
Before the 3.0 version of WordPress, the default username for WordPress was simply “admin”, which is incredibly easy to guess. Some people, even after WordPress 3.0, still use admin as their username.
The fix is easy: just make sure your administration account is not named something like “admin” or some other easily guessable word. The same goes for passwords.
Limit the Number of Login Attempts
When hackers or malicious bots attempt to crack into your website, a great prevention method is to limit the number of login attempts someone can make before they are blocked.
A great and free WordPress plugin to achieve that task is the Limit Logins plugin, which has been downloaded over 700,000 times and has a solid 4.8 / 5 rating. This plugin does what its name suggests and limits the number of times someone can fail at logging into your website before they are locked out.
With the plugin you are able to set a few things, like the number of times someone can enter a failed username or password before being blocked, and email notifications when someone is blocked.
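How the lockout setting described above behaves in practice, as an added Python model that is not the plugin's own code: the class name, parameter names and default values are assumptions, and the login events are constructed sample data using documentation IP ranges.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Block a client IP after too many failed logins inside a time window."""

    def __init__(self, max_failures=4, window=12 * 3600, lockout=20 * 60):
        self.max_failures = max_failures      # failures allowed before blocking
        self.window = window                  # seconds a failure stays counted
        self.lockout = lockout                # seconds a blocked IP stays blocked
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._locked_until = {}               # ip -> time the block ends
        self.notifications = []               # stand-in for the admin e-mail

    def is_locked(self, ip, now):
        return self._locked_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Count one failed login; return True if it triggers a lockout."""
        recent = self._failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) < self.max_failures:
            return False
        self._locked_until[ip] = now + self.lockout
        recent.clear()
        self.notifications.append((ip, now))
        return True

def replay(events, limiter):
    """events: (timestamp, ip, password_ok) tuples in time order."""
    outcomes = []
    for ts, ip, ok in events:
        if limiter.is_locked(ip, ts):
            outcomes.append("blocked")        # rejected before checking the password
        elif ok:
            outcomes.append("ok")             # success does not reset the counter
        else:
            hit = limiter.record_failure(ip, ts)
            outcomes.append("lockout" if hit else "failed")
    return outcomes

# Constructed events: one IP guessing passwords, one user with a single typo.
EVENTS = [(0, "203.0.113.7", False), (10, "203.0.113.7", False),
          (15, "198.51.100.4", False), (20, "203.0.113.7", False),
          (25, "198.51.100.4", True), (30, "203.0.113.7", True),
          (620, "203.0.113.7", True)]

if __name__ == "__main__":
    print(replay(EVENTS, LoginLimiter(max_failures=3, window=3600, lockout=600)))
```

The counter is deliberately left untouched on a successful login, so someone with one valid account cannot clear it between guesses at another account; old failures only drop out when the window expires.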
Protect Your Blog With VaultPress
There are lots of backup / security services available for WordPress blogs. The most popular and reputable is VaultPress (which I use), since they are owned by Automattic – the same guys behind WordPress.
The great thing about VaultPress is that they aren’t all that expensive: the basic or ‘Lite’ plan is $55/year or $5/month. If your website is extremely important to you, either because you dedicate a lot of time to it and/or you make money off of it, then having some sort of backup and security is a must.
Avoid Free WordPress Themes
The one thing I normally don’t worry about is the security of my theme. This is because I use a secure, premium theme instead of a vulnerable free WordPress theme. If you do go premium, make sure you buy from a known developer. For me, I use MyThemeShop, which is known for feature-rich and reliable themes.
Free themes are bad at security because many are poorly coded and have encrypted spam links and possible injections that can insert malware. In fact, ever since the notorious Google Penguin update (which crippled more than a few websites), Google has gone to great lengths to penalize websites that have encrypted or spam links.
Why risk getting penalized with bland, free themes? Now if your website isn’t one that you plan on monetizing or dedicating a lot of time to, then free themes are probably an appropriate option.
These are only some of the basic techniques you can employ to keep your WordPress blog secure and I highly recommend you use some (or all) of them. Better to prevent hacks now than have to deal with a security breach down the road.