Your lovely WordPress website is sitting there looking all gorgeous and behaving functionally, but how secure is it? Is it nothing more than hacker bait?
The latest figures say that 23.4% of all websites are built using the WordPress platform, which makes it worthwhile for hackers to spend time looking for weaknesses and ways to gain unauthorised entry.
There millions of people who aren’t even thinking about the security of their sites, and they make juicy targets. Is your site one of them?
There are ways to secure your website from hackers and they aren’t difficult. Here are a few simple steps that you can take to safeguard your website security.
Run the latest software.
How long is it since you’ve had a look behind the scenes at your admin panel, other than just to load your blog post?
Your website needs to be updated regularly to the latest versions of software and plugins available. The same goes for your theme, too. The older your software, the more easily it is able to be hacked, and once a hacker is in, he can do what he wants to with your site.
It’s not hard to update especially now that your dashboard shows you which items need work. Just remember to back up your site before updating.
Use a security plugin.
Many attacks are by brute force where an automated system keeps trying to work out your password, and attempts to login multiple times. I like Wordfence which limits the number of login attempts anyone can have and blocks their access to the site. There is a free and a pro version of the plugin but for $39 per year, the price is nothing compared to peace of mind.
Don’t use ‘Admin’ as your login name.
Admin is the standard name which WordPress gives the site administrator and hackers know this. Once they have the username, all they need to do is work out the password and they are in. Create a unique user name to log in with. If you are presently signing in with ‘Admin’ simply create a new user, give them admin rights and sign all your posts over to the new name. Then delete the Admin persona.
Choose a strong password.
The name of your great-aunt’s cat isn’t good enough. Use a mix of letters, numbers and symbols, upper case and lower case letters, and try to avoid including an actual word within the mix. A hacker’s script can easily work out a word, but a random mix will take much more effort. Your admin panel will tell you if your password is weak or strong.
Don’t worry about trying to remember the password. You can use something like LastPass or Dashlane to manage your passwords and keep them safe.
Check your site with Sucuri.
Sucuri will check your website for “known malware, blacklisting status, website errors, and out-of-date software.” It’s free, although there is a more advanced paid version, and it’s worth scanning your site on a regular basis.
Of course, there are things you can do within the coding of your site, but it’s best to leave that to the experts. Talk to your webmaster about how she or he can help.
The key to website security is your attention. Don’t stop working on your site just because it looks good. Check the back end, update regularly and be watching for anything that seems strange.
WordPress is a brilliant platform to use. It’s up to you to work with it to keep your site secure.