A recent report published by security firm Sucuri shows that websites running the WordPress content management system were the most hacked in 2018.
This is a call for website owners to learn how to secure their WordPress websites.
“The leading cause of the infections, anecdotally, came from poorly configured plugins, modules, and extensions inside some of the more common CMSs; abused access control credentials; poorly configured applications and servers; and a lack of knowledge around security best practices”
The report highlights causes that, in the experience of our practice, could easily be solved by even a novice website administrator.
The other sad reality is that all software has holes that hackers will always look for and manipulate.
That doesn’t save you, though: as a website owner or administrator, the responsibility to secure your WordPress website from hackers falls squarely on your shoulders.
Where does one start?
Start from the basics: choose the right WordPress website host. If your host does not provide the bare minimum security your WordPress website needs, attempting any of the tips below will not save you from hackers.
When you are certain of the security your host provides you, then you do not need any technical skills other than reading and clicking, because good practice and a good security plugin are all you need to secure your WordPress website from hackers.
Stop assuming that once your website goes live, the work is done. No, when a developer signs off on your project, if your developer did not include a support plan as part of their contract, then the responsibility of ensuring your website is secure is yours.
I will help you today to take matters into your hands and show you simple things you can do to make a WordPress website secure from hackers.
In the 15 plus years we have managed WordPress websites, none of our clients’ WordPress websites have been hacked, and I would like to share with you 5 of the simple things we do, and you too can do today, to secure your WordPress website and make it hack proof, or at least give hackers a run for their money.
Manage the security credentials of your website right.
The next step in learning how to secure your WordPress website from hackers is ditching the idea that every website administrator account must be named admin, administrator, or your domain name. Change things up: you do not need a fancy name for your administrator account, you need a name that hackers will struggle to guess.
As for the password, anything long, by long I mean 8-12+ characters, or phrases mixed with uppercase, lowercase letters, numbers and symbols. Just make it hard, really hard to guess.
You can then reinforce it with 2-factor authentication and, for your WordPress administrator account, by changing the default user ID.
It is important to note that this applies both to your WordPress account and your hosting account.
Limit login attempts.
What I often do is configure the firewall to automatically blacklist an IP address that tries to log in with the default “admin” username.
Users should not have unlimited attempts at guessing passwords.
Programs trying to break into your system would otherwise have a lifetime to guess your password, and as I always think, unless a character in your password is not on a keyboard, with enough time even the longest password can be guessed.
Lock out a username or IP address after 2 to 3 tries.
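The lockout rule described above, sketched as a WordPress must-use plugin. This is an added example, not code from this article or from any plugin it mentions; the `ll_` names, the one-hour window and the list of default usernames are assumptions.

```php
<?php
/**
 * Added example: lock out an IP address after repeated failed logins.
 * Assumed location: wp-content/mu-plugins/login-lockout.php
 */

const LL_MAX_FAILURES = 3;    // "2 to 3 tries"
const LL_LOCKOUT_SECS = 3600; // assumed lockout window: one hour
// Default names that no real account should use once the admin is renamed.
// Remove an entry if a real account on your site still has that name.
const LL_DEFAULT_NAMES = array( 'admin', 'administrator' );

function ll_key() {
    // Behind a CDN or load balancer REMOTE_ADDR is the proxy's address;
    // adapt this to your host before relying on it.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'll_fail_' . md5( $ip );
}

// Count every failed login. A try with a default username uses up the
// whole budget at once. Each failure restarts the lockout window.
add_action( 'wp_login_failed', function ( $username ) {
    $default = in_array( strtolower( (string) $username ), LL_DEFAULT_NAMES, true );
    $count   = (int) get_transient( ll_key() );
    $count   = $default ? LL_MAX_FAILURES : $count + 1;
    set_transient( ll_key(), $count, LL_LOCKOUT_SECS );
} );

// Refuse logins while the address is over the limit. Priority 100 runs
// after WordPress has checked the password, so a locked-out address is
// rejected even when the guess is correct.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( '' === (string) $username ) {
        return $user; // plain visit to the login page, nothing submitted
    }
    if ( (int) get_transient( ll_key() ) >= LL_MAX_FAILURES ) {
        return new WP_Error( 'll_locked', 'Too many failed login attempts. Try again later.' );
    }
    return $user;
}, 100, 3 );
```

The counter lives in a transient, so the lockout lifts on its own once the window passes without further failures.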
Hide your WordPress admin area.
You do not have to stick to wp-admin as the slug for the backend of your website. If you are using the default WordPress backend address, then you will be an easy victim for hackers, as this is the first place they will look when trying to compromise your website.
You can also define when the admin area can be accessed. This should be the scheduled time you need to manage your website or add content.
Regularly update your software.
All software has issues, and that’s why software developers continually release security updates to patch the holes in the software.
Hackers tend to take advantage of outdated WordPress files, themes, and plugins. By always applying the latest updates issued for your software, you will always be ahead of the curve.
Secure every device you use to manage your website.
Software plugins and tools will go miles to protect your website. They do not cover the one place you would least expect a loophole to be: the devices used to manage the website.
Hackers infiltrate compromised networks with ease, using malware and spyware that monitor and log every keystroke.
Use legitimate software for both operating system and antivirus, always update software, and restrict access to only those who need it, among the many other tasks you need to do as part of your IT policy.
A lot of the tasks above, except 5, can be accomplished easily with a plugin.
Here are some freemium plugins you can use to secure your WordPress website.
How to secure a WordPress website from hackers does not have to be so complicated.
Good practice and proper configuration of a security plugin will save your website from being part of the statistics.
Securing your website is something that you can do on your own.
5-10 minutes of effort will save you from a hacker’s wrath.
And oh, before you do anything, back up your website before using any of these plugins.
Your website security should be a top concern, and you should therefore take all the precautionary steps to protect it. The cost of recovering from a hack cannot be compared to that of protecting your website.