In my last post I tried to debunk some of the myths about WordPress; now I thought I’d share some of my tips on WordPress security.
1. Set up a website lockdown feature and ban users
A lockdown feature for failed login attempts can solve the huge problem of continuous brute-force attempts. Whenever there is a hacking attempt with repeated wrong passwords, the site gets locked, and you get notified of this unauthorized activity.
2. Use your email to log in
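One way to implement the lockdown described above, as an added example rather than code from this post or from any particular plugin: a must-use plugin that counts failed logins per client address using WordPress's `wp_login_failed` and `authenticate` hooks and emails the site admin when the lock triggers. The threshold, lock duration, `ll_` names and file path are assumptions.

```php
<?php
/**
 * Plugin Name: Login Lockdown (added example)
 * Assumed location: wp-content/mu-plugins/login-lockdown.php
 */

const LL_MAX_FAILURES = 5;   // assumed threshold before the lock applies
const LL_LOCK_SECONDS = 900; // assumed lock duration (15 minutes)

// Build the transient key for the current client address.
// Behind a reverse proxy REMOTE_ADDR is the proxy's address, so derive the
// client address from a header that your own proxy sets and you trust.
function ll_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'll_fail_' . md5( $ip );
}

// Count every failed login. Attempts made while locked also fail, so they
// keep extending the lock for as long as the guessing continues.
add_action( 'wp_login_failed', function () {
    $key   = ll_key();
    $count = (int) get_transient( $key ) + 1;
    set_transient( $key, $count, LL_LOCK_SECONDS );

    // Notify the admin once, at the moment the threshold is reached.
    if ( LL_MAX_FAILURES === $count ) {
        $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        wp_mail(
            get_option( 'admin_email' ),
            'Login lockdown triggered',
            sprintf( 'Address %s was locked out after %d failed logins.', $ip, $count )
        );
    }
} );

// Priority 30 runs after the core username/email password checks (20),
// so a locked address is refused even if the password is correct.
add_filter( 'authenticate', function ( $user ) {
    if ( (int) get_transient( ll_key() ) >= LL_MAX_FAILURES ) {
        return new WP_Error( 'll_locked', 'Too many failed login attempts. Try again later.' );
    }
    return $user;
}, 30 );
```

The counter is deliberately not cleared on a successful login, so an attacker who holds one valid account cannot use it to reset the count; it simply expires with the transient.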
By default, you have to input your username to log into WordPress. Using an email ID instead of a username is a more secure approach, and allows you to set longer, more complex usernames that are not as easy to guess as ‘Admin’ or ‘James’, for example.
The reasons are quite obvious. Usernames are easy to predict, while email IDs are not. Also, any WordPress user account is created with a unique email address, making it a valid identifier for logging in.
3. Set strong passwords for your database
A strong password for the main database user is a must since this password is the one WordPress uses to access the database.
As always, use uppercase, lowercase, numbers, and special characters for the password. Passphrases, longer sentences that are easier to remember, are excellent as well.
4. Add user accounts with care
If you run a WordPress blog, or rather a multi-author blog, then you need to deal with multiple people accessing your admin panel. This could make your website more vulnerable to WordPress security threats.
5. Automatically log idle users out of your site
Users leaving the wp-admin panel of your site open on their screens can pose a serious WordPress security threat. Any passer-by can change information on your website, alter a person’s user account, or even break your site altogether. You can avoid this by ensuring that your site logs people out after they have been idle for a certain period of time.
6. Adjust your passwords
Play around with your passwords and change them regularly to secure your WordPress website. Improve their strength by adding uppercase and lowercase letters, numbers, and special characters. Many people opt for long passphrases since these are nearly impossible for hackers to predict but easier to remember than a bunch of random numbers and letters.
And, okay, we all know that the above is what we “should” do, but it’s not always something we have time for. This is where some quality password managers come into play. They will not only generate safe passwords for you but then store them inside a secure vault, which will save you the hassle of having to remember them.
7. Make backups regularly to secure your WordPress website
No matter how secure your WordPress website is, there is always room for improvement. But at the end of the day, keeping an off-site backup somewhere is perhaps the best antidote no matter what happens.
If you have a backup, you can restore your WordPress website to a working state any time you want. There are some plugins that can help you in this respect.
8. Update regularly for WordPress security
Every good software product is supported by its developers and gets updated now and then. These updates are meant to fix bugs and sometimes contain vital security patches. WordPress and its plugins are no different.
Not updating your themes and plugins can mean trouble. Many hackers rely on the mere fact that people can’t be bothered to update their plugins and themes. More often than not, those hackers exploit bugs that have already been fixed.
So, if you’re using any WordPress product, update it regularly. Plugins, themes, everything. The good news is that WordPress automatically rolls out updates for its users, so you’ll receive an email notifying you of the update and information on the fixes in your dashboard.
As for the plugins, these must be updated manually by going to Plugins in your dashboard. When a plugin has a new version, it notifies you and provides a link to update now.
As an alternative, you could opt for a managed WordPress hosting plan such as those offered by Wiser Websites.