With cyberattacks growing ever more frequent, there's never been a more important time to make sure your WordPress site is secure. Given the prevalence of WordPress and the likelihood that a site lacks a secure defense system, WordPress sites can be an easy target for would-be attackers. That being said, there is no reason a WordPress site needs to be any more vulnerable than a site on any other CMS platform. By following a few easy guidelines, you can take major steps toward ensuring the security of your site. This blog post suggests a few measures that will go a long way in preventing unwanted intruders from accessing your site dashboard.
Keep WordPress up to date
One of the first and most important steps to keeping WordPress secure is making sure you are using the latest version. WordPress regularly issues updates, and security patches and fixes are one of their major components. When new vulnerabilities are detected, WordPress does its best to issue security updates as quickly as possible.
To make sure you are using the latest version, head over to the Updates tab on the left side of the Dashboard panel. This will let you know if you are using the latest version, and if there is an update available.
Instead of immediately installing the update, though, it is highly recommended to use a staging site to make the update, or at the very least, make a new backup of your site. Depending on what plugins you are using and how recently they’ve been updated, there may be compatibility issues with the latest version of WordPress, so using a staging site will allow you to test the new version before deploying to your live site.
Regularly update your plugins
Similar to the point above, it is also important to make sure you are always using the latest available version of your installed plugins. Likewise, using a staging site to test these updates first is always ideal. As there can occasionally be compatibility issues with plugin updates, it's recommended to update them one by one, checking after each that site functionality has not changed.
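The update routine from the two sections above can be scripted on a staging copy. This is an added example, not part of the original post: it assumes WP-CLI (`wp`) and `curl` are installed and that it is run from the staging site's WordPress root. The function names are illustrative, and treating an HTTP 200 from the home page as "site still works" is a simplifying assumption.

```shell
#!/bin/sh
# Added example: back up, then update plugins one at a time and stop at the
# first update that breaks the site. Run on staging, not on the live site.

# Succeeds only if the site's home page answers HTTP 200 (assumed health check).
site_healthy() {
    local url code
    url=$(wp option get home) || return 1
    code=$(curl -s -o /dev/null -w '%{http_code}' "$url") || return 1
    [ "$code" = "200" ]
}

# $1: optional path for the database backup.
# Returns 0 if every update went through, 1 after printing the plugin that
# failed or broke the site, 2 if the backup or the initial check failed.
update_plugins_one_by_one() {
    local backup plugin
    backup="${1:-pre-update-$(date +%Y%m%d%H%M%S).sql}"

    # Database backup only; back up wp-content separately before starting.
    wp db export "$backup" >/dev/null || { echo "backup failed" >&2; return 2; }
    site_healthy || { echo "site unhealthy before updating" >&2; return 2; }

    for plugin in $(wp plugin list --update=available --field=name); do
        wp plugin update "$plugin" >/dev/null || { echo "$plugin"; return 1; }
        if ! site_healthy; then
            echo "$plugin"   # culprit: roll it back or restore from $backup
            return 1
        fi
    done
    return 0
}

# Usage, after defining the functions above:
#   wp core check-update          # is a newer WordPress release available?
#   update_plugins_one_by_one     # prints the offending plugin, if any
```

Because each plugin is updated and checked separately, a failure points at a single plugin instead of a whole batch.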
Use a strong admin password
This may seem obvious, but you would be surprised how often site admins use a short and very simple password for their dashboard login.
The Users section on the WordPress dashboard allows for generating strong, random passwords, so there is no excuse for using a weak password. If you want additional security, you can check out ExpressVPN's random password generator, which can be securely downloaded for offline password generation. This way, your password is more secure since it has never been sent over the internet.
Install Sucuri
An excellent measure in securing your site is using an auditing and malware scanner plugin like Sucuri. Sucuri detects attempted brute-force attacks and potential malware installations, blacklists suspicious IPs, and offers many more powerful security features. The basic version is available for free, so if you aren't already using this plugin, it is highly recommended.
Use 2-Factor Authentication
Another step to go even further in securing your WordPress site is using the Google Two Factor Authentication plugin. This will require authenticating any new login via a second device, typically a smartphone.
Use a unique admin username
One final suggestion is to use an admin username other than just 'admin'. While having a strong password takes precedence over what username you use, there's no reason to make an attacker's job any easier by using a common username.
WP Engine’s Staging Area – Making security updates easy!
WP Engine have made it easier for developers to complete backups and security updates with their amazing one-click "copy to staging" tool.
Here are six ways that this feature provides more to a WordPress developer than what other hosting providers have to offer:
Troubleshooting Theming Issues
WP Engine’s staging area makes it easy to test theming issues. Now if something does go wrong on the live site, we can revert to the last backup and start troubleshooting on the staging site, all without affecting the live site.
Simplifying Plugin Conflict Resolution
While plugins certainly have their place in the WordPress ecosystem, there are also good reasons to limit their use. With the staging area, though, we can troubleshoot conflicts and remove/update individual plugins, without worrying about the live site being affected.
Stop Worrying About Server-Side Caching
Server-side caching is a great tool for the end user, but for a developer it can become a nightmare, slowing down both initial development and testing.
With the staging area, we never have to worry about caching. When a page or element is ready, we can show the client right on the staging site without worrying that they might see an older version of the page.
The Ability to Test Import Files
It's always a scary moment when importing files such as blog posts, products, or other types of data onto a website. Now we always test file imports on the staging site first so that we don't have any unpleasant surprises.
Risk-Free PHP Editing
Sometimes you just have to edit PHP files or functions in WordPress. These are often files crucial to a site’s functions, and incorrect editing of them can cause severe if not permanent damage. With WP Engine’s staging site, we are able to work with these files without any risk of damage.
Redefining Test Pages
We're always paying attention to the analytical data of our clients' websites to see how we can improve performance. One way we do this is by looking at a client's analytic data and then suggesting how adding a page or editing a page's functions could improve the way people interact with the site.
WP Engine’s staging area allows us to create a test page and then do user testing to make sure we are making a good decision.
To conclude, WP Engine’s staging area helps our business to run more efficiently and to minimize risk to our clients’ sites. It’s just one of the reasons we recommend WP Engine to anyone who is running a WordPress site.
Author Bio
While always deeply interested in technology since childhood, Nicholas has been involved in web development in a professional capacity since 2012, as both a front-end developer and project manager.
He is most adept at HTML, CSS & JavaScript, but is interested in the entire spectrum of computer science. Some of his tech interests include full-stack JavaScript development, Unix-based operating systems, open-source web projects, and computer-assisted composition.