5 Must-Read Security Tips to Protect Your WordPress Website

Sep 4, 2014

No website is 100 percent safe from attacks by a determined and resourceful hacker, but by implementing a handful of basic security measures you can greatly reduce the chance of losing control of your WordPress website. Many successful attacks are made possible by the complete absence of any security procedures, and even a modest effort to protect your WordPress site will keep you safe from all but the most sophisticated and determined hackers.

Tips to Protect WordPress Websites

Don’t Make Enemies
Some online attacks can be traced to people who feel that they have been slighted by you in some way. While the old adage that you can’t please everyone is still true, you can discourage many attacks on your site by simply following another time-tested adage: do unto others as you would have them do unto you.

  • Always treat employees fairly and honestly. As with an ex-spouse or partner, hell hath no fury like an ex-employee scorned. Many ex-employees have an insider’s knowledge of your business operations that can be used against you if you give them enough motivation.
  • Respond to all customer complaints and criticisms promptly and professionally. Don’t give away the store, but try to give your customers the benefit of the doubt whenever possible.

Perform Backups on a Consistent Basis
Should a malicious hacker manage to slip through your defenses or your website host suffer a serious technical failure, you can quickly restore your WordPress site with a minimum of fuss and expense as long as you regularly back everything up.

  • Be sure to back up your entire database as well as all of your files. Your most important files, especially financial transactions, should be backed up on a daily basis.
  • Store your backup in a secure location. For added protection, you might consider a triple-redundant method of storing your backup data: one copy of your data stored on-site for easy access, another burned to a portable media storage device and stored off-premises, and a third backup sent to a secure third-party storage provider.
  • Don’t rely solely on your hosting provider for backing up and storing your important data. A glitch anywhere in their system could disrupt your entire operation.
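The three-copy scheme above, with each stored copy checked against a SHA-256 hash, as an added example that is not part of the original article. It assumes the database dump already exists as a file (for instance one written by mysqldump), uses three local folders to stand in for the on-site, portable and third-party locations, and all function names are hypothetical.

```python
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash in chunks so a large archive never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def make_archive(site_dir, db_dump, out):
    """Bundle the site files and the SQL dump into one archive; return its hash."""
    with tarfile.open(out, "w:gz") as tar:
        tar.add(site_dir, arcname="files")
        tar.add(db_dump, arcname="database.sql")
    return sha256_of(out)

def audit(name, expected, destinations):
    """Report every stored copy as 'ok', 'missing' or 'corrupt'."""
    def state(copy):
        good = copy.is_file() and sha256_of(copy) == expected
        return "ok" if good else "corrupt" if copy.is_file() else "missing"
    return {str(d): state(Path(d) / name) for d in destinations}

def replicate(archive, expected, destinations):
    """Copy the archive to each location, then re-hash what actually landed."""
    for dest in map(Path, destinations):
        dest.mkdir(parents=True, exist_ok=True)
        shutil.copy2(archive, dest / Path(archive).name)
    return audit(Path(archive).name, expected, destinations)

def demo():
    root = Path(tempfile.mkdtemp())  # constructed sample data, nothing real
    site, dump, archive = root / "wordpress", root / "dump.sql", root / "backup.tar.gz"
    site.mkdir()
    (site / "wp-config.php").write_text("<?php // constructed sample\n")
    dump.write_text("-- constructed sample dump\n")
    digest = make_archive(site, dump, archive)
    places = [root / n for n in ("onsite", "portable", "provider")]
    first = replicate(archive, digest, places)
    (places[1] / archive.name).write_bytes(b"damaged")  # simulate a bad copy
    (places[2] / archive.name).unlink()                 # simulate a lost copy
    return first, audit(archive.name, digest, places)

if __name__ == "__main__":
    print(demo())
```

Running the audit on a schedule, with the expected hash kept separately from the copies, shows when one of the three locations has silently lost or damaged its backup.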

Don’t Use the Default WordPress User Admin Account
The admin account is automatically created for each WordPress installation; hackers know all about this and can use this vulnerable “side door” to gain access to your website. Be sure to either delete or change your admin account username. Ideally, your password should:

  • Consist of a minimum of 8 characters.
  • Include a special character such as a question mark or an exclamation point.
  • Contain at least 1 number.
  • Be composed of a combination of upper and lower case letters.

Keep Your WordPress Site Updated
When you receive a notice of a WordPress version, theme or plugin update, be sure to update your website with the latest release. These updates address important security and functionality issues that will help keep your site running smoothly and securely.

Add the iThemes Security Plugin to Your WordPress Site
This quick-install plugin can be downloaded at wordpress.org/plugins/better-wp-security/ and provides you with more than 30 ways to harden your site against attack.

  • Fix common holes and block automated hacker attacks.
  • Detect hidden 404 errors that can hinder your SEO efforts.
  • Works on all WordPress sites.