How to Secure WordPress from Hackers
How to Secure WordPress from Hackers
If you want to secure WordPress from hackers, here are some things you can do. If you’re technically challenged, you may not want to read this article. But you SHOULD before you lose your website. Knowledge is power, right?
Using WordPress to design your site is great because it gives us small business owners flexibility to update it easily without hiring a coder or web developer. But it is vulnerable to attacks. So, what can you do to secure WordPress from hackers? Here are six ways on how to secure WordPress from hackers. Note, there are a lot of other ways you can secure your site as well.
Keep Several Backups
Your hosting company usually keeps some backups for you. But what happens if the stars align perfectly and you happen to lose your site (guilty) and don’t have a backup? You can lose everything. And yes, as hard as it is for me to admit, I lost my site once when those beautiful stars aligned perfectly and never recovered 100 pages – but that is another story and it won’t ever happen again. So don’t just rely on your hosting company for your website backups.Don’t just rely on your hosting company for your website backups especially if they are just backing up once a week.Click To Tweet
You can run your own backups with Duplicator, but it is somewhat technical although it has great reviews. VaultPress for business costs between $99/year and $299 and you’ve got 30 days of backups. You must go into your backup and download it to your computer on many of the options. There are other plugins as well that you can use to backup.
Have your hosting company run a backup for you and keep it on your computer and on your own backup system. If you host your site on SiteGround (they’ve been great so far), purchase or upgrade to their Grow Big package and you’ll have 30 days of archived backups. GoDaddy also has 30 days of backups for WordPress installations, although I don’t use them for hosting WordPress.
Oh and before you make any changes to your WordPress website’s backend, make sure you do what? Backup!
Don’t Use Admin for Your Username
Oh my gosh, I’ve seen this so many times: many web developers or do-it-yourselfers use admin. Make your username difficult and NEVER, ever use admin. Use a random password generator like Norton, Comparitech, or LastPass. Use a combination of numbers, symbols and capitalization and make it longer. Same goes for your password. Make them difficult.Make your WordPress username difficult and NEVER use admin as your username. Click To Tweet
Check All Plugins Before Installing
You may have read in 2015 about the WordPress plugin vulnerabilities that opened up websites to being hacked. Be cautious when installing plugins for your WordPress website – check them out. Use the WordPress plugin search to find out information and ratings.
Is it compatible with your version of WordPress? What do the comments say about the particular plugin? How many positive ratings does the plugin have? And how many reviews does it have?
And checking them out, doesn’t guarantee that they won’t eventually be open to vulnerability, but it does help. In 2015 even one of my favorite and highly regarded plugins – Yoast SEO had some problems. But they immediately addressed them and created a patch. But I’ve even purchased plugins where the developer does not update them and eventually I’ve had to delete them.
Oh and note that plugins may slow your site down.When considering plugins for your WordPress site, check out ratings and compatibility with your version of WordPress before installing. Click To Tweet
Update Your WordPress Version
WordPress releases new versions and you should be updating yours. You’ll be notified when you are logged into your admin panel or by your hosting company. Make sure you backup your site before you update. I’ve also run into problems with some sites that I’ve taken over from other web developers. I quit updating one of my customer’s website because we had to change so much of the coding after each WordPress version update as the site wasn’t coded properly to begin with. So, I’m in the process of creating a new WordPress site for them. What a shame because they paid a fortune for it.
Update Your Plugins
From your admin, you’ll see a notification number if your plugins need updating. First backup and then I suggest that you update one at a time and check everything out. If you don’t check things out, then you’ll have to test each plugin individually should something break. Once I updated a plugin and I lost part of my toolbar, so it does happen.
Also, if you update some plugins, you may have things “break” in your site. Which means that you may have to restore one of your backups should the plugin not be compatible or remove it. And again yes, it happens. Notice I have a few that need updating noted by the “5” right next to “Plugins”.
Change Database Prefix
Your database stores your posts, pages and media files and is vulnerable to being hacked. You should change this when installing your website or before you publish. Here’s a step-by-step tutorial and video from WPBeginner on how to change your database prefix. It’s technical, so contact Kick A or have your web developer do this.
How have you secured your site? What have you found that works? Have you had any problems with WordPress security? How have you secured your WordPress from hackers? Comment below please!