8 Tips to Improve your WordPress website’s security

Around the world hackers seem to be stepping up their attempts to breach the security of websites and WordPress websites seem particularly at risk.    All of our websites have additional security measures to protect them and we are notified of any security attempts.   Just today we’ve had a notification that a hacker in Russia has tried to login to one of our client’s websites.   They’ve had no success thanks to our security measures but its a stark warning of the threats out there.

Now if you are new to WordPress we don’t want you to worry.  A few simple measures will often do the trick and the hackers will move on to find easier sites to hack.

So how can you protect your WordPress website?  Well here are some top tips to help you.

1. Use an obscure username to login. This is our top tip. Please make sure that your username is NOT ‘admin’. The Russian hacker that we mentioned earlier tried to login with this username.  If you use ‘admin’ as your username all the hacker has to do it guess your password.   You’ve just effectively given them half of the login details already.   Equally if you use a blog and show your nickname as the author make sure that your login name is different to the nickname shown.  Otherwise once again you’ve just told the world what your username is and made life a lot easier for hackers.

2. Keep up to date backups. Back up your database regularly. (It’s under Tools, Export). It’s also worth backing up the entire website.

3. Pay for good quality web hosting. Cheap hosting often means poor security and even your best attempts at WordPress security are a waste of time if your web host isn’t keeping up to date with their security.

4. Keep your version WordPress up to date. Look for Update notifications and update when requested. Each updated version has additional security patches. It is often the older versions of WordPress which are targeted by the hackers.

5. Don’t ignore plugin updates either. If you are not accessing your Back Office regularly then use an update plugin which will update the plugins regularly and save you the hassle.

6. Make sure your password is secure.   So many of clients ask if the password can be their ‘usual one’.  This is often their child’s or pet’s name!   It  is bad practice to use the same password everywhere.  We suggest searching in Google for ‘secure password generator’ to help you to create a very secure password for WordPress.

7. Check that your username isn’t listed in the Author Sitemap. To do this go to Users and click on Edit to check each account. Scroll to the bottom and make sure to tick ‘Exclude from Author Sitemap’.

8. There are many, many security plugins available which help to add extra layers of security. Its definitely worth installing ones of these plugins just be aware that you can experience some incompatibility with other plugins. So its good practice to test your website and all its functions after installing a security plugin.

If you are new to this then please don’t get too stressed out. These measures will help a lot 🙂 We see a LOT of clients and very few encounter security issues. Those that do usually had easy to guess passwords or had made the mistake of not updating their software or plugins.