December 6, 2016

Five ways to secure your WordPress website now

Published: 6 December 2016 


Security is vitally important when you’ve got a website for your business. After all, you don’t want to have your business compromised by hackers. If you’re using WordPress, you’re already a target for hackers. Because WordPress powers 26.4% of the web, hackers are more likely to target WordPress websites. In fact, in 2012 more than 117,000 WordPress installations were hacked. Plugins are supposed to make your website look and function better, but they are the biggest source of vulnerabilities for WordPress. Five of the top 10 plugins on WordPress are the most vulnerable, and have been downloaded around 21 million times. One of those is a security plugin. Doesn’t really seem all that secure…

Just hang on a second before you panic and go and delete your WordPress website. There are solutions. Here are five simple ways you can make sure you don’t get hacked, end up with a dodgy plugin and can keep your website secure:

1. Cut back on plugins

All those plugins that you’ve installed to help the function and aesthetic of your website might actually be doing you harm. Delete any plugins you aren’t using or that your website can function without. If you’ve downloaded any premium plugins for free, delete them. Right now. It’s understandable that some people can’t afford to fork out and pay for a bunch of premium plugins, on top of other costs of the website. But these pirated plugins will probably be full of malware. That just gives hackers direct access to the backend of your website.
Not only will this decrease your security risk, it will also make your website run faster. Having lots of plugins will slow down your website’s response time, and as a result have a negative effect on your SEO.

2. Set up a website lockdown

A website lockdown is a great security measure anyone with a WordPress website should use. If there is a hacking attempt, the website gets locked and you will get notified of the unauthorised login attempts.

Plugins such as iThemes Security ban hosts and users with too many invalid login attempts. It also undertakes many other tasks, such as scanning your site to report vulnerabilities, banning troublesome agents or bots, and strengthening server security, to name a few. Limit Login Attempts is another one worth checking out. This plugin limits the rate of login attempts for each IP address. After the limit is reached, the internet address will be banned from making further attempts, making hacking a lot more difficult.
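To see what a per-IP limit like this does in practice, here is an added example (not code from either plugin) that replays a web server access log and reports when each address would have been locked out. The log lines are constructed, the thresholds are illustrative, and it assumes a POST to /wp-login.php answered with 200 is a failed login, since a successful one normally redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [06/Dec/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [06/Dec/2016:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [06/Dec/2016:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [06/Dec/2016:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [06/Dec/2016:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
192.0.2.55 - - [06/Dec/2016:10:00:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2876
198.51.100.20 - - [06/Dec/2016:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
198.51.100.20 - - [06/Dec/2016:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
198.51.100.20 - - [06/Dec/2016:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def find_lockouts(lines, max_retries=4, window=timedelta(minutes=5),
                  lockout=timedelta(minutes=20)):
    """Replay the log and return [(ip, 'HH:MM:SS' the ban started), ...]."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failed logins
    banned_until, lockouts = {}, []
    for rec in filter(None, map(parse, lines)):
        ip, ts, method, path, status = rec
        if method != "POST" or path != "/wp-login.php":
            continue  # only login submissions count, not page views
        if ip in banned_until and ts < banned_until[ip]:
            continue  # address is banned: the attempt never reaches the login check
        if status != 200:
            failures[ip].clear()  # assumed successful login resets the counter
            continue
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= max_retries:
            banned_until[ip] = ts + lockout
            lockouts.append((ip, ts.strftime("%H:%M:%S")))
            recent.clear()
    return lockouts
```

Running `find_lockouts(SAMPLE_LOG.splitlines())` flags only the address that failed four times in a row; the user who mistyped twice and then logged in is left alone.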

3. Change your admin username  


For the same reason you wouldn’t have an easy password (seriously, if your password is “password” or “1234”, go and change it now), you shouldn’t have “admin” as your admin username. If your username is admin, then all hackers have to guess is your password and then they’re into your website.

If your website is already installed with the username “admin”, then there are easy ways to change it:

  • Create another admin user: register another user, give them admin permission, log in with the new username and delete the old “admin” user.
  • phpMyAdmin: log in to your cPanel, and select phpMyAdmin. Next, select your WordPress database and select the wp_users table. There, you can edit your “admin” user, and change the user_login field to another username of your choice.

4. Hide author usernames

While we are on the topic of usernames, here’s one not to change your “admin” username to: your author name. As stated by DreamHost, the primary author of the website is generally also the administrator of the website. This means all hackers have to do is see your author name on the website, and then guess the password.

5. Log dashboard activity


So you trust your employees working on your WordPress website. But it’s still a good idea to track dashboard activity. WordPress websites are easy to break, and this way you can track what went wrong. This means you’ll be able to see if that plugin you installed was the reason your site just crashed. WordPress automatically logs this type of information, but it’s not always the easiest to understand. The best option is to download a plugin which will show you whether it was a file, code or plugin that caused the problem with your website. Some plugins that will log dashboard activity include:

There are many other steps you can implement to ensure your WordPress website is secure. However, these are just a few security tips you can put in place instantly. You don’t even need advanced technological knowledge to understand how to do it. These tips are a step in the right direction to making sure your website remains hack free.


Ben Maden
