For most, keeping a WordPress site secure is not a top priority.
It is only when your website gets hacked do you realize the importance of keeping your WordPress site secure. WordPress is known for being one of the most user-friendly website platforms available online, but out of the box WordPress is a popular target for hackers and spammers.
According to WP White Security, more than 70% of WordPress installations are vulnerable to hacker attacks and the total number of hacked WordPress websites in 2012 was a whopping 170,000. This figure is growing every year.
You may be wondering why anyone would want to attack your website, particularly if you have a low traffic website; however, the vast majority of hackers are not looking to steal your data or delete important files. What they want to do is use your server to send spam emails.
I know what you are thinking — this sucks! Yes it does. Now let’s review the best and easiest things you can do to make your WordPress site secure. Before we dive in know that the easiest way to solve this is to host with Sunny HQ. Securing your site will take time and energy away from your business and that means money. So check our plans and let us show you that securing your site is our specialty.
1. Cut Back on Plugin Use
You should delete plugins and themes you’re not using. But it’s worth noting that you should make an effort to limit the total number of plugins you install in the first place. To keep your WordPress site secure, you need to be scrupulous in the criteria you use to select plugins.
2. Don’t Download Premium Plugins for Free
Though I totally get what it’s like to be a business person on a budget, it’s just a bad idea overall to try to download premium plugins from anywhere other than where they are officially for sale.
3. Consider Automatic Core Updates
If you’re running an older version of WordPress than what is current, all of the security flaws in the version you’re running is common knowledge to the public. That means hackers have that info, too, and can easily use it to attack your site.
4. Set Plugins and Themes to Update Automatically
Typically, plugins and themes are things you’ll need to update manually. After all, updates are released at different times for each. But again, if you’re not someone who makes site maintenance a regular thing, you may wish to configure automatic updates so everything stays current without necessitating your immediate intervention.
5. Eliminate PHP Error Reporting
Beefing up your site’s backend security has a lot to do with closing the holes or weak spots. Now, if a plugin or theme doesn’t work correctly, it might create an error message. This is definitely helpful when troubleshooting, but here’s the problem: these error messages often include your server path.
6. Protect Your Most Pertinent Files Using .htaccess
If you’re into WordPress security at all, you’ve heard of the .htaccess file before and have likely accessed it. Still, the changes you make in this one file can have such a huge impact on your entire site’s security, I can’t leave it off the list.
9. Hide Author Usernames
If WordPress defaults are left intact, it’s really easy to find out each author’s username for your site. And since more often than not the main author of a site is also the administrator, it’s also easy to find out the admin’s username. Which isn’t good. Anytime you’re giving away info to hackers, you run the risk of seeing your site compromised.
10. Obscure the Login Page
Though security that focuses on obscurity isn’t complete, it’s still an important part of your overall strategy. After all, hiding certain elements of your site won’t prevent hackers from accessing them, but it’ll make it harder for them to get to. And that’s good, right?
11. Host Your Website with a Good Hosting Company
With 41% of hacking attempts being caused by a security vulnerability on a hosting platform, it pays to host your website with a good quality hosting company. Look for a hosting company that places an emphasis on security. One that has:
- Support for the latest versions of PHP and MySQL
- Is optimized for running WordPress
- Includes a WordPress optimized firewall
- Has malware scanning and intrusive file detection
- Trains their staff on important WordPress security issues
And this is just the beginning
I know you get the idea. This is not as simple as it sounds. Ok. it doesn’t sound easy either. That is why we started Sunny HQ. We are a great hosting company that includes all the services you need to keep your WordPress site safe and secure. If you’re looking to leave your website worries behind, check out our WordPress care plans or drop us a line.