WordPress website security is huge for entrepreneurs as many of us serve as our own IT department. If your website goes down, for most of us – so does our business. Because of how important our websites are, website security is a top priority. But for most of us it can seem somewhat overwhelming and many of us are not sure what to do if something does indeed happen, let alone how to prevent it in the first place.
Many of my clients ask me the question, “why are hackers trying to get into my website?”. The reason that WordPress gets hit more often is because it is really popular – for a hacker it is much easier to learn the ins and outs and loopholes of one platform rather than many. The reasons hackers are working so hard to attack your website include:
- Wanting to user your site to send out spam email
- Wanting to gain customer credit card and mailing list information
- Wanting to use your web site to download malicious software on your visitors computers
With so many hackers attempting to worm their way into websites, vulnerability (unfortunately) is inevitable. Nothing is fool proof, but there are steps you can take to protect your website from malware and even possible hacking.
Here’s our top 7 tips to Secure Your WordPress Site.
- Make regular backups of your website. There are a number of great website backups you can use, but we recommend a plug in called BackUp Buddy. BackUp Buddy will automatically do a full back up of your site as well as just the database (all the content of your site like blog articles, images and content on your pages.) You can set Back Up Buddy to do an automatic back up to a remote location such as Dropbox and Amazon S3, if you don’t feel comfortable with those options BackUp Buddy also has a storage option called BackUp Stash for a nominal cost.
- Always use the updated version of WordPress. While updating your website may seem tedious, the newest version always contains fixes to bugs, errors and has improved security measures. This is done by logging into your WordPress dashboard and clicking on the update buttons for WordPress. It is also good to update your plug ins and themes on a regular basis. I suggest going in every two weeks or so and checking. A good time to do this is when you are adding a blog article.
- Make use of security plugins. Plugins such as WP Security are extremely helpful because malware can get in through spam messages. These security plugins will help safeguard your WordPress site from spam messages with malware. It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
- Change your password. Changing your password often will help safeguard your website from potential hackers. Once every three months is a good rhythm to have. The rule of thumb is to have a password with a combination of numbers, letters, symbols, uppercase and lowercase. In addition, make sure to create a WordPress login and password that is hard to guess. Because so many passwords can be difficult to remember and keep up with, a tool that I find really useful is LastPass. You just have to remember one password and LastPass holds on to the rest for easy access. Another is called KeyChain. These are great, but remember to log out of them when not in use.
- Regular Scanning for Malware. With everything that you do to ensure your site stays clear of hackers, some still might get in. Having an ongoing scanning tool can alert you if any shenanigans have happened on your site. Better yet an opportunity to get it cleaned if something happens can really put your mind at ease. Some hosting companies like Go Daddy offer this service. There are companies like Sucuri that can help you with this as well.
- Install an SSL (Secure Socket Layer) if collecting client information. If you are using your website to collect payment information, mailing list information, etc – invest in an SSL for your site and take all precautionary details of securing that information. This is probably going to scare a lot of you because many of you do this. The question to ask yourself is whether or not it is happening on YOUR site or are you using another source. For example, is your shopping cart Infusionsoft or 1Shoppingcart – then they provide the security for you. Is your opt in and eNewsletter connected to MailChimp or aWeber, then they provide the security for you.
- Computer Security. Sometimes these frustrating little pests start on your own computer. Be sure to protect it as well. Here are some suggestions:
- Create passwords to open and lock your computer when you leave your work space.
- Don’t download any files that are not from a credible site or provider.
- If you’re unsure of a file, a quick google search can sometimes help to verify legitimacy.
- Double check your computer firewall and scan your servers/computers regularly.
- Make sure to always update your anti-virus software as well.
By using these tips to secure your WordPress site you will go a long way towards making your WordPress site as secure as it can possibly be. If you have any other tips you’d like to add, please feel free to leave a comment down below. And if you found these tips helpful, please like and share.