WordPress is the most popular CMS (Content Management System) used by almost 75M websites.
According to WordPress, over 409M people view more than 23.7B pages every month. In the same time users produce about 83M new posts and over 44M new comments each month.
Unfortuantely, according to statistics from 40,000 websites in Alexa Top 1 Million, more than 70% of WordPress websites are vulnerable to attack.
With that in mind, here are some top security tips to help you protect your WordPress website.
Tip #1: Apply Login Attempts
Brute Force is one of the most common hacking attacks. Limit login attempts by using plugins like Login Lockdown so they aren’t given the ability to use this attack on you.
Tip#2: Avoid Using Many Plugins
If you have excess plugins lingering on your website get rid of these fast. They are like open windows on your property letting predators into your website.
Tip #3: Back Up Your Website Often
It doesn’t matter how secure your WordPress site is – always have a backup. There are several plugins available that help here or consult a professional.
Tip#4: Consider automatic Core Updates
Running an old version of WordPress? By not updating your website you are privy to many attacks and security loopholes and are making yourself a target to hackers. You can add a few lines of code into your wp-config.php file so your website automates major core updates for you. Update now!
Tip#5: Delete Plugins & Themes You Are Not Using
Deactivating plugins isn’t enough! You must DELETE these to reduce the possibility of a hack.
Tip#6: Don’t Use Admin as your username
“admin” is the most common username on WordPress and hackers try to perform brute attacks on these specifically. Luckily this is an easy fix in the WordPress database!
Tip#7: Eliminate PHP Error Reporting or Turn Off DEBUG Mode
If one of your plugins isn’t working correctly, it displays an error message publicly. Error messages are definitely helpful for the website owner while troubleshooting however these can also reveal sensitive information like the full server path. Add this code below in your wp-config.php file to eliminate PHP error-reporting:
Tip#8: Enable Two-Factor Authentication Login
One of the smartest ways to secure your WordPress website is by adding Two-Factor Authentication (2FA).
Tip#9: Make Sure All Scripts, Plugins and Themes are Up to Date
Keep your WordPress plugins, scripts and themes up to date! Add this code below to automatically update plugins and themes:
Tip#10: Use HTTPS
Secure your website traffic on your WordPress website with a SSL Certificate.
As you can see there are a range of topics and options you can employ to ensure your website remains secure. Remember to stay up to date on security protocols and measures by reading blogs like ours and keeping your ear to the digital grindstone!
To read more click here.
We were referred from colleagues of ours. Not only have we been amazed at the depth of understanding, we found ourselves working with a team of friends.