Press Release

Simple Tips To Secure Your WordPress Blog/Website

Dec 29, 2015   //   by admin   //   News Updates  //  No Comments

Even if you’ve done next to nothing to improve your site’s security, it’s likely that you have at least a cursory familiarity with some popular tactics. It’s also likely you’ve heard of a plugin or two that can get the job done. We’re not going to be talking about those things today, however.

This article is going to focus more directly on the ways you can secure your site’s admin, and more specifically than that, the ways that aren’t discussed over and over in every list out there. Because security is seriously important.
As WordPress continues to grow as a platform, security is not something you should neglect.
As WordPress continues to grow as a platform, security is not something you should neglect.

Did you know 73% of the popular sites that use WordPress were considered “vulnerable” in 2013?

Or that of the top 10 most vulnerable plugins, five were commercial plugins available for purchase?

Worse yet, one of those five plugins was actually a security plugin, which is just, well, pretty awful.

While the core installation of WordPress is very easy to use and relatively secure, the more you add on top of it via plugins, themes, and custom code, the more likely it is to be hacked. And the more users you add to any given installation, the likelihood increases further, still. That’s bad news all around for individuals and businesses, alike.

With that in mind, let’s spend some time today exploring the 12 ways you can secure your site’s backend to ensure your information (and that of your customers’) remains safe.
What You Should Know Already

I know I just said that I wasn’t going to talk about the more commonly referenced security solutions here, but just in case someone reading this isn’t well-versed in WordPress, I’d be remiss if I didn’t at least list them out. Even if you’re a WordPress pro, having this list to refer to can be helpful as you set about implementing security strategies on your sites.

Keep WordPress up-to-date. Something so simple can have a big impact on site security. Whenever you login to the dashboard and see that “Update available” banner, click it and update your site. If you’re worried about something breaking, make a backup before installing it. The important thing is that you do it, and with regularity. Information about any security holes that were fixed from the previous version are now available to the public, which means an out of date site is all the more vulnerable.

Keep plugins and themes up-to-date. Just as you update the WordPress Core regularly, you should also update plugins and themes. Each plugin and theme installed on your site is like a backdoor into your site’s admin. Unless properly secured (vetted thoroughly, updated regularly, etc), plugins and themes are like an open door to your personal info.

Delete any plugins or themes you’re not using. Along the same line of thinking as what’s listed above, getting rid of any plugins or themes you don’t need will reduce the likelihood of being hacked. If you’re not using them, you’re not going to want to update them, so it’s a much better idea to delete them. Read: Deactivating plugins isn’t enough; you must actually click “Delete.”

Only download plugins and themes from well-known sources. When you can, downloading plugins and themes from WordPress.org is actually your best bet since they will have been thoroughly scanned before being admissible to the Theme Directory or Plugin Directory. If you want a premium theme or plugin, only download them from reputable sources like Themeforest or from a highly respected developer’s website.

Change file permissions. Avoid configuring directories with 777 permissions. You should opt for 755 or 750, instead, according to WordPress.org. While you’re at it, set files to 640 or 644 and wp-config.php to 600.

Don’t use “admin” as a username. If you’ve already installed WordPress using “admin” as your username or something else very simple, you can change it by inputing an SQL query in PHPMyAdmin or by following the instructions laid out in our latest post on the subject.

Change your password often (and make it good). Random strings of letters and numbers are best. If you don’t feel like coming up with something manually, you can use a password generator to accomplish the task like Norton Password Generator or Strong Password Generator.

Leave a comment