If you’re a small business owner, then chances are you have a dozen things on your mind and you’re probably not focused on keeping your WordPress site safe and secure. WordPress security should be a top priority since WordPress sites are quite vulnerable to hackers; approximately 70% of them. If your website is vulnerable, you could be in major trouble. Thankfully, we’ve identified some ways for you to keep your WordPress site safe and secure.
Keep WordPress up-to-date
One very important way to protect your WordPress site is to keep it up-to-date. Hackers are constantly working to find vulnerabilities in a site’s security system. As they find flaws, the WordPress development team will respond by fixing them before anyone can take advantage of the flaws. In a way, it works like an arms race. Hackers find issues, WordPress responds by increasing their security, and then hackers respond by finding new vulnerabilities.
A large reason why so many websites are vulnerable to hackers is that site owners don’t bother to run updates often. The website management plans we offer at Growfio include us taking care of your WordPress updates so that you won’t ever have to worry about keeping your WordPress site up-to-date.
Keep themes and plugins up-to-date
Let’s go over the importance of keeping your themes and plugins up-to-date. Over 50% of WordPress plugins are vulnerable because they aren’t kept up to date. Out-of-date WordPress plugins are vulnerable to a either a security breach or something breaking.
To update your themes and plugins, login to your WordPress site and click on ‘Updates’ under the Dashboard tab. If you’re having trouble locating the updates page, in your browser type in your website URL followed by /wp-admin/update-core.php (ex. www.mysite.com/wp-admin/update-core.php). From there, check off everything you want to update and click the ‘Update’ button.
Limit login attempts
By default, WordPress doesn’t limit the number of login attempts by a person. Usually, websites will prevent you from logging in after a few times if you fail to enter the correct password, but that isn’t the case with WordPress. This is a major issue since hackers and bots won’t give up after failing a few times. They have sophisticated tools that can continually guess your password until they get it right. So, if you want to keep your site secure, you need to limit the number of attempts. There are multiple plugins out there which allow you to limit login attempts.
Run security scans
If you care about WordPress security, then you really should invest in security scanning services. Our website plans include top-of-the-line security services that will help protect your site from vicious hackers, viruses, and other threats to your website. At Growfio, your website’s safety is our top priority.
Change your password often
A lot of people make the mistake of never changing their passwords. This is an issue because you can never be completely sure your password hasn’t been leaked somewhere. Your computer could have picked up a virus that copied your password and now someone else is in possession of it (they just haven’t gotten around to trying to hack your site yet).
People who use one password for multiple sites are especially at risk. Some websites don’t have great security and can easily be hacked, which means your password would in the hands of a hacker who can use it on your other accounts and sites. Please make sure your change your password every few months, or once a month if you want to be really safe. We recommend using password generators such as LastPass, for when you need to create a strong, hard-to-crack password.
Don’t use ‘admin’ as your username
If a thief were trying to break into your safe, would give them half the combination? Of course not. The same logic applies to WordPress security. WordPress gives every primary account the default username of “admin.” If you think about it, this has essentially given every hacker half the information they need to compromise your website. Since WordPress won’t allow you to change your existing username, go to the ‘Users’ page and create a new administrator account for yourself. Once you’re done, sign into your new account and remove your other “admin” account.
Add user accounts with care
Giving too many people administrative access to your WordPress site is a surefire way to make it more vulnerable. When it comes to adding different accounts, do it with the utmost care. Make sure you give certain accounts the access they need to do whatever their job is. Different access levels are controlled by user roles, which are explained well in this WordPress article.
With that being said, make sure you have one login account per person. It’s not a good idea to share a login account between other users, just in case you need to recover you account. If anything ever goes wrong, you can reset passwords and remove accounts from phpMyAdmin.
Have a firewall on your server
A firewall is a great tool to help protect your website against password brute force attacks and denial of service attacks. Setting up a firewall isn’t easy, but thankfully there are numerous firewall services out there for you to take advantage of.
Have managed hosting
Managed hosting is a service where your web hosting is setup, monitored, and maintained by a company. Having managed hosting is one of the best ways to keep your WordPress site secure. A study found that over 40% of all WordPress sites were hacked due to security issues in their hosting platform. So, make sure you find a good host which can guarantee the safety and security of your site.
Backup your website often
Regularly backing up your website is important. If your site is ever compromised, you’ll want to restore it from a backup so that you can be in full control. Create a consistent backup schedule, such as once a day, and follow it. You’ll be thankful you did if anything ever goes wrong.
Growfio’s website plans include everything you need to keep your WordPress site safe and secure. We’ll manage your web hosting, backups, firewall, updates, and more so that you can rest easy knowing your website is in good hands.