I’ve been building WordPress sites for over 10 years, back in the days when WordPress could legitimately be described as a blogging platform not the all-encompassing internet publishing platform it is today. Even so I will still hear many website owners complain about WordPress security.
The thought is that an open source script is vulnerable to all sorts of attacks and vulnerabilities. This myth has been perpetuated by paid for platforms such as Joomla, Magento, Square Space and Wix with very little evidence to back it up.
The lack of built-in WordPress security is a myth. In fact, often it’s the other way around – WordPress websites are much more secure than their online brothers and sisters; particularly as they are not relying on one security development team to foresee all possible issues and fix problems. Instead you have a community of literally millions of people working on refining and improving the code.
So why has this myth remained. Well in my opinion, largely bad website managers and owners are to blame.
The amount of supposedly managed WordPress websites for Business I access for the first time to find some 6 months’ worth of updates, bad passwords no security measures in place to prevent blunt force attacks is mindboggling.
If you are paying for managed hosting there are a few simple checks you can perform to see if you’re host is taking your cyber security seriously or is simply crossing their fingers and hoping it won’t go wrong.
3 TIPS TO CHECK IF YOUR WORDPRESS HOSTING PARTNER KNOWS WHAT THEY’RE DOING
Do you access your WordPress Dashboard from XXXXX.com/wp-admin?
One of the easiest ways to prevent a brute force attack from bots is simply to move the access page, so it’s not the default. Remarkably easy and will prevent the vast majority of snoopers and bots from attempting to access your control panel.
Is your Login Password actually complicated?
If your login password is not a random string of numbers, letters and characters and is instead something ‘easy to remember’ you are asking for trouble. If it was set by yourself, you’ve only got yourself to blame but if it was set up your web developer or host, you have to ask whether they are taking cyber security seriously.
Do you login to a sea of red circles?
If the first thing you are hit with when you log in to your website is a list of updates to plugins, themes and your WordPress core this should be your biggest warning yet. Like all computers and software systems if you don’t do the updates and keep the security settings valid, don’t be surprised when it all goes wrong.
If the answer to any of these was not what you were looking for why not contact Wiser Websites about our fully GDPR compliant, managed website hosting, with military grade secure servers based in the UK, all from just £25 a month.