With cyberattacks becoming all too common with increasing frequency, there’s never been a more important time to make sure your WordPress site is secure from attacks. Given the prevalence of WordPress and the likelihood of not having a secure defense system, WordPress sites can be an easy target for would-be attackers. That being said, there is no reason a WordPress site needs to be any more vulnerable than any other CMS platform. By following a few easy guidelines, you can take major steps to ensuring the security of your site. This blog post will suggest a few measures that will go a long way in preventing unwanted intruders from accessing your site dashboard.
Keep WordPress up to date
One of the first and most important steps to keeping WordPress secure is making sure you are using the latest version. WordPress regularly issues updates, one of the major components being security patches and fixes. As soon as new vulnerabilities are detected, WordPress does their best to issue security updates as soon as possible.
To make sure you are using the latest version, head over to the Updates tab on the left side of the Dashboard panel. This will let you know if you are using the latest version, and if there is an update available.
Instead of immediately installing the update, though, it is highly recommended to use a staging site to make the update, or at the very least, make a new backup of your site. Depending on what plugins you are using and how recently they’ve been updated, there may be compatibility issues with the latest version of WordPress, so using a staging site will allow you to test the new version before deploying to your live site.
Regularly update your plugins
Similar to the point above, it is also important to make sure you are always using the latest available version of your installed plugins. Likewise, using a staging site to test these updates first is always ideal. As there can occasionally be compatibility issues with plugin updates, it’s recommended to update each one-by-one, ensuring there are no changes in site functionality.
Use a strong admin password
This may seem obvious, but you would surprised how often site admins use a short and very simple password for their dashboard login.
The Users section on the WordPress dashboard allows for generating strong, random passwords, so there is no excuse for using a weak password. If you want additional security, you can check out ExpressVPN’s random password generator which can be securely downloaded for offline password generation. This way, your password is more secure since it had never been sent over the internet.
An excellent measure in securing your site is using an audting and malware scanner plugin like Sucuri. Sucuri will detect for attempted brute-force attacks, potential malware installations, blacklisting of suspicious IPs and many more powerful security features. The basic version is available for free, so if you aren’t already using this plugin it is highly recommended.
Use 2-Factor Authentication
Another step to go even further in securing your WordPress site is using the Google Two Factor Authentication plugin. This will require authenticating any new login via a second device, typically a smart phone.
Use a unique admin username
One final suggestion is to use a different admin username other than just ‘admin’. While having a strong password takes precedence over what username you use, there’s no reason to make an attacker’s job all the more easy by using a common username.
- WordPress Designer
- Top 10 Malware Removal Apps
- Backup WordPress: How to backup up your WordPress website (2018 Update)
- An introduction to PHP
- Setting up an SSL Certificate
- Using A CSS Reset For Better Cross-Browser Compatibility
- Did you just launch a new website? The ultimate guide on what to do next.
- A look at Google Chrome’s New Security Update for 2017
- Using node-sass to compile Sass files in an npm script
- An overview of jQuery Event Methods
While always deeply interested in technology since childhood, Nicholas has been involved in web development in a professional capacity since 2012, as both a front-end developer and project manager.