Basics of Securing WordPress

We here at ionadas local LLC absolutely love WordPress. It puts the power of managing a company website within the company, rather than having every little change made by a website design firm.

But WordPress is not without its challenges.

Most notable, perhaps, is security. The growing popularity of WordPress means more and more hackers are targeting sites that use it. And in its default configuration, WordPress definitely has some security vulnerabilities.

With that in mind (and having had to work on some hacked sites recently), I’d like to walk you through some of the ways you can harden WordPress against hackers.

Real Passwords
The biggest vulnerability is no fault of the WordPress system. Simple passwords will eventually be guessed.

No, your daughter’s nickname plus four random characters is not a secure password. You need a truly random password that includes uppercase and lowercase characters, numbers, and symbols. I like to use a site like Password Generator to create them.

You need secure passwords for all WordPress logins as well as any FTP or cPanel accounts.

Then use a password manager to keep track of the passwords and to handle logins. There are countless options for both desktop and mobile devices.
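If you would rather generate passwords locally than on a website, here is a short Python sketch. It is an added example, not part of the original post. It also compares a fully random password with the "nickname plus four random characters" pattern mentioned above. The 20-character default and the 10,000-entry nickname list are assumptions chosen for illustration.

```python
import math
import secrets
import string

# The four character classes the article asks for.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 32 = 94 printable characters


def generate_password(length=20):
    """Return a password from the OS CSPRNG containing every class."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character from each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry instead of forcing one character per class: every password
        # that satisfies the rule stays equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def random_bits(n_chars):
    """Entropy (upper bound) of n_chars picked uniformly from ALPHABET."""
    return n_chars * math.log2(len(ALPHABET))


def pattern_bits(wordlist_size, random_suffix_chars):
    """Entropy of 'word from a guessable list + random suffix'.

    wordlist_size is an assumption about how many candidate names an
    attacker would try; only the suffix adds real randomness.
    """
    return math.log2(wordlist_size) + random_bits(random_suffix_chars)


if __name__ == "__main__":
    print("new password:", generate_password())
    print("20 random characters:  %.1f bits" % random_bits(20))
    # Constructed figure: a list of 10,000 common names and nicknames.
    print("nickname + 4 random:   %.1f bits" % pattern_bits(10_000, 4))
```

Each extra bit doubles the number of guesses needed, so the gap between the two figures is far larger than it looks. Store the result in your password manager rather than trying to memorize it.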

Keep Things Up to Date
WordPress, all plugins, and your theme need to be kept on their most recent versions. Vulnerabilities are discovered and patched regularly, so the older your installs are, the more likely they are to have a security flaw.

At least once per month, you should update everything on your site. If you read about a particular security vulnerability, you might want to update more often.

Sucuri
Sucuri is a free plugin that handles malware monitoring, security scanning, and incident detection. In other words, it lets you know what’s going on with your site and when hackers are attempting to do bad things to it.

Install the plugin, sign up for the free API, and set the alerts to be sent to an email account you watch closely. I use a specific Gmail account for this. Anything that comes to that account needs to be looked at quickly (and closely).

WordFence
The last (for now) step you need to take is to install and configure WordFence, a WordPress firewall plugin. They offer a free version that hardens a site quite nicely.

If you need an even more secure site, their premium version is only $8.25 per month.

The steps above will do a great deal to harden your site. While no site on the internet can ever be called perfectly secure, following this advice will make you a much less attractive target, and will likely result in hackers looking for easier pickings elsewhere.

And, if you need help setting any of this up, please give us a call at (512) 501-1875.