5 Tips to Keep WordPress Safe
WordPress is super-awesome, free and open-source... what could possibly go wrong? Well, just as a Honda Civic is at the top of the "most-vehicle-break-ins" list, the fact that WordPress is now used by over 25% of all websites worldwide makes it an easy target for hackers.
That popularity comes with a cost, as hackers work to find ways to hijack sites and use them for their own nefarious goals. This includes breaking in to install spamware (software designed for sending spam in ways that hide the sender) or the more lethal malware (software that is intended to damage or disable computers and computer systems). The reality is that WordPress is vulnerable because it is so popular.
But that doesn't mean it can't be trusted; it's just important to keep WordPress safe and up to date.
Like anything of value, your WordPress website needs to be cared for and maintained to keep it in good working order. Taking steps to keep it updated after launch will ensure that your site is as secure as possible. Here are some tips to keep your site safe:
1. Use a unique, secure username and password.
Never use the default "admin" username. While you’re able to choose your own username when setting up a new WordPress site, be sure to pick a username that is unique. Try to avoid common usernames such as administrator, your website’s name or your name.
For passwords, it’s important to choose a complex password comprised of letters, numbers and characters. Don’t choose a password that’s similar to your username, website name or a simple word with a few changes.
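The rules in tip 1 can be checked mechanically. The script below is an added example, not code from the original article; the site name "Acme Bakery", the word lists, the 12-character minimum and the 0.75 similarity threshold are all assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample lists; swap in larger lists for real use.
COMMON_USERNAMES = {"admin", "administrator", "root", "test", "user", "webmaster"}
SIMPLE_WORDS = {"password", "welcome", "letmein", "wordpress", "qwerty"}
MIN_LENGTH = 12  # assumption: the article gives no minimum length
# Undo common character swaps, i.e. "a simple word with a few changes".
SWAPS = str.maketrans("013457@$!", "oleastasi")

def normalize(text):
    """Lowercase, undo character swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(SWAPS))

def similar(a, b, threshold=0.75):
    """True when one normalized string contains or closely matches the other."""
    if min(len(a), len(b)) < 4:  # too short to compare meaningfully
        return False
    return a in b or b in a or SequenceMatcher(None, a, b).ratio() >= threshold

def audit_credentials(username, password, site_name, owner_name=""):
    """Return a list of findings; an empty list means no rule was broken."""
    findings = []
    user, pw = normalize(username), normalize(password)
    if username.lower() in COMMON_USERNAMES:
        findings.append("username is a common default")
    for label, value in (("site name", site_name), ("owner name", owner_name)):
        if similar(user, normalize(value)):
            findings.append(f"username resembles the {label}")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if len(password) < MIN_LENGTH or not all(re.search(c, password) for c in classes):
        findings.append("password is short or lacks a mix of character types")
    for label, value in (("username", username), ("site name", site_name)):
        if similar(pw, normalize(value)):
            findings.append(f"password resembles the {label}")
    if any(similar(pw, word) for word in SIMPLE_WORDS):
        findings.append("password is a simple word with a few changes")
    return findings

if __name__ == "__main__":
    # Constructed sample accounts for a hypothetical site "Acme Bakery".
    for name, secret in (("admin", "AcmeBakery1!"), ("jo_writes", "P@ssw0rd2024"),
                         ("jo_writes", "t7#Vq9!mZk2&Lx")):
        print(name, audit_credentials(name, secret, "Acme Bakery") or "ok")
```

Note that "P@ssw0rd2024" passes the length and character-mix check and is only caught once the character swaps are undone.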
2. Use Two-factor Authentication (if possible)
Two-factor authentication (known as 2FA, or sometimes 2-step verification) requires a user to log in with not just their username and password, but also a unique code that’s generated for one-time use and sent to a device (typically a smartphone).
Google Authenticator is one good example of a 2FA plugin.
3. Keep WordPress and Plugins Updated
WordPress and its plugins and themes are like any other software installed on your computer, or like any other application on your devices. Periodically, developers release updates which provide new features or fix known bugs.
When a new version of WordPress becomes available, you can’t miss it, as you will see a message at the top and bottom of almost every page of your administration panel.
Look for notification icons on your Plugins panel and update any plugins that show them.
4. Choose Your Theme and Plugins Wisely
It’s important to choose themes and plugins that are actively maintained and regularly updated. While this isn’t a guarantee of security, it should mean that if security vulnerabilities are found in a theme or plugin, they’ll be addressed and updated quickly.
Also check the detailed descriptions of plugins, as some will be audited by third parties for security, which can help provide some peace of mind.
5. Choose a Reliable and Reputable Host
Choose well-supported, secure hosting from a reputable source. Companies like GoDaddy, Bluehost and InMotion are all hosts that we have worked with in the past and continue to recommend.
You will pay a premium for a managed hosting plan that can automatically update WordPress and key plugins, but you may want to consider this option to help keep your site secure if you feel that you won't be actively involved in keeping your site maintained.
A managed hosting plan will typically apply updates automatically when there are known security vulnerabilities, and disable any plugins known to cause performance and security issues.
~ ~ ~
Even with all of these tips in place, the internet is a constantly evolving landscape that is prone to new technologies and security vulnerabilities. No system is perfect, and the wide use and popularity of WordPress make it a large target for hackers.
Eggbeater Can Help
The good news is that we are always here to help.
If you find your site has been compromised, you can contact us and we will help you work through it; our developers can assess the issue, provide an estimate on the work and get your site up and running again.
Often the issue is something small and inconvenient, and may take only a few simple steps to complete. No matter what the challenge is, we are always available to help you get through it.