Make Your WordPress Website More Secure
Recently I’ve been having a lot of notifications that people are trying to log into my website by guessing the username and password. Needless to say, I’ve been doing a lot of research into how to make my website more secure. I thought I’d share with you what I’ve learned.
Here are 8 things you can do quite easily that will go a long way to keep your WordPress website more secure:
Choose reputable themes & plugins.
There are a lot of themes and plugins that are available but just using any old theme or plugin could cause allow someone to be able to access your website through a deliberate vulnerability or just bad coding. So when you’re looking for a new theme or plugin, make sure it’s up-to-date and compatible with the latest version of WordPress, read the reviews and check the ratings.
Update WordPress, themes & plugins regularly.
Themes and plugins are updated regularly, often it’s because there has been a functional improvement made but sometimes it’s because a vulnerability has been found and fixed. It’s important to keep everything updated as themes and plugins are designed to work with the latest version of WordPress, which is also probably the most secure.
Delete unused themes & plugins.
If you have themes or plugins that you’re no longer using, delete them. They’re serving no purpose and because you’re less likely to update things you’re not using, they can become less compatible and develop security holes. They also take up space, probably not a huge amount, but hey, it’s nice to be tidy.
Use WordFence.
WordFence is a plugin that gives you an extra level of security on your site. It keeps an eye on your site 24/7 and lets you know when there are issues that need your attention, from plugins that need update through to who is accessing your site and how they got there. It provides a heap of tools to help keep your site safe, and it’s worth checking every now and then to see what else is available.
Don’t use the admin username.
Change it to something more relevant to you and your site and at the same time make it more difficult for hackers and bots to hack your login.
Use a good password.
I seriously shouldn’t need to be telling you this, but use a password that’s a combination of uppercase & lowercase letters, numerical and symbol characters. Also, don’t use it for anything than the WordPress installation. If you have a problem remembering passwords, use a password manager.
Use Two Factor Authentication.
I used to use 2FAS Light – Google Authenticator which worked well for me and I’d definitely recommend it. But Two Factor Authentication recently become available in WordFence, so in the interests of using as few plugins as possible, I’ve switched to that.
Backup regularly.
It’s really important to regularly backup your website, it won’t make it more secure, but if something goes wrong it will make recovery MUCH easier. Your website host will probably do it for you, but it’s a good idea to do it yourself as well. I use a plugin called Updraft Plus, and a lot of others recommend Backup Buddy. Both allow you to save your backup
to locations both on your computer, and in the cloud.
If you do all, or even most of these things, your WordPress website will be far more secure and less attractive to people who might want to take it over.