WordPress is so popular that it makes up just over 25% of all websites on the internet today. Because of this, it naturally draws a lot of attention from hackers and other internet deviants. WordPress itself is very secure, and the majority of “hacks” occur from badly coded plugins and themes and from a lack of awareness on the part of the site administrator: using only “admin” as a username, using easy-to-guess passwords, leaving your own personal computer open to hacks, and not updating your WordPress files. I’ve had some clients who hadn’t updated for years, saying they were scared of “messing up the site”.
The #1 cause of stolen WordPress login credentials is actually a compromised PC. Hackers install what’s called a “keylogger”, which sends a report back to the hacker of everything that was typed on the victim’s computer. This often includes website login information, bank information, email logins and everything else. Here are some free ways to secure your computer.
Another commonly overlooked issue is your web hosting company itself. Do they stay updated with the latest recommended software? Some cheap hosts will often not update because they don’t want to pay for the appropriate software licenses on their end. Even worse, some of them might use stolen/pirated versions, which puts everyone at risk. Make sure you use a qualified WordPress web host. The best affordable WordPress host that offers standard complete daily backups is WP Engine. If you can spend a little more for performance and security, I highly recommend them.
Just in case your site is compromised, it’s good to have a backup copy of your database, which has all of your site’s crucial information. Most good web hosting companies will back up your site for you on a daily, weekly or monthly basis; if you aren’t sure, send their support a message and ask. If you’re really dedicated, you can check out my more in-depth WordPress Backup lesson, where I show you how to back up your database and website on an automatic schedule.
Check your website’s file permissions to make sure the crucial files are not writable by the public. I get a little long-winded in this video, and in most cases your site will have the correct file permissions after WordPress installation. Certain themes and plugins may ask you to modify file permissions to work properly. If you need to make certain files writable, make sure you modify ONLY those files. Where people get in trouble is when they make full directories writable, which can open your site up to hackers.
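As an added example (not from the original post or its videos), this shell script lists every directory and file under a WordPress root that is writable by all users, and removes only that bit from a single path. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find paths in a WordPress tree that any account on the
# server can write to (the "other" write bit, octal 0002).

# Print one finding per line: "DIR <path>" or "FILE <path>".
# Writable directories are listed first because they let anyone drop new
# files; symlinks are never matched by -type d / -type f.
audit_world_writable() {
    find "$1" -type d -perm -0002 -print | sed 's/^/DIR /'
    find "$1" -type f -perm -0002 -print | sed 's/^/FILE /'
}

# Remove only the "other" write bit from one path, leaving the owner and
# group bits exactly as the theme or plugin needed them.
drop_world_write() {
    chmod o-w "$1"
}

# Build a small constructed site (not a real install) to run the audit on.
build_sample_site() {
    site=$(mktemp -d)
    mkdir -p "$site/wp-content/uploads" "$site/wp-content/themes/demo"
    : > "$site/wp-config.php"
    : > "$site/index.php"
    : > "$site/wp-content/themes/demo/style.css"
    chmod 755 "$site" "$site/wp-content" "$site/wp-content/themes" \
        "$site/wp-content/themes/demo"
    chmod 644 "$site/wp-config.php" "$site/index.php"
    chmod 777 "$site/wp-content/uploads"                # whole directory opened up
    chmod 666 "$site/wp-content/themes/demo/style.css"  # single file opened up
    printf '%s\n' "$site"
}

# Demo run on the constructed tree: reports the directory and the file.
sample=$(build_sample_site)
audit_world_writable "$sample"
rm -rf "$sample"
```

On a real install, pass the WordPress root directory to `audit_world_writable` and review each reported path before changing it.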
So far in this training, I have focused more on off-site security, like how to set up and protect your computer and how to check your WordPress file permissions on the back end. The following videos will be more about what you can do on the front end of your site to keep it protected.
WordPress is a very secure platform and releases security updates and fixes on a regular basis. You’ll want to make sure your WordPress software is updated as well as your plugins and themes.
To take things a step further, I like to use a plugin called All In One WP Security and Firewall. It’s a free plugin that gives you an easy to follow graphical interface to help you secure your website.
Another simple plugin I like to use is called File Monitor Plus. It monitors your core WordPress files and alerts you if any changes are attempted. The plugin hasn’t been updated in a while; however, because the structure of WordPress’ system files hasn’t changed much, there haven’t been many updates needed.
In my last video I talk about my other favorite free security plugins for WordPress: BulletProof Security, Wordfence and Better WP Security (now called iThemes Security). While these plugins do favor slightly different security functions, I advise you to use only one, as using multiple plugins can slow your site down and they may conflict with each other.
These tips, along with following good general security guidelines, will help you keep your customer data and website safe and stable. Like I’ve mentioned before, WordPress itself is very secure. From my experience working with clients, the #1 cause of hacks and problems usually stems from the actions of the user: choosing obvious passwords and usernames, installing infected plugins and themes from suspicious sites, not updating site files and not securing their login devices. Be a little proactive with security and you shouldn’t have too many issues.