8 Best WordPress Security Tips to Lock the Bad Guys Out
WordPress is one of the world’s leading content management systems and powers more than a quarter (28 percent) of all sites.
Its simplicity, intuitiveness, and user-friendliness provide an ideal platform for web publishing.
Unfortunately, using WordPress can also open the door for cyber attacks. In fact, 73.2 percent of the most popular WordPress installations have vulnerabilities, which can make it an easy target for hackers.
So how do you lock the bad guys out and keep your site secure at all times?
Here are eight of the best WordPress security tips that we recommend.
1. Keep Your Site Up-to-Date
Just like with a computer, failing to keep your WordPress site up-to-date can create security issues. This is a bigger problem than you may think because only 39 percent of WordPress sites are using the most current version.
Taking the time to stay current with WordPress updates gives you a huge advantage from a security standpoint and generally makes your site less vulnerable. Besides updating the core system, you’ll also want to stay current with any themes and plugins you’re using as well.
Just click on “Updates” near the top left-hand corner of your dashboard to see if there are any specific updates you need to make.
2. Use a Secure Admin Login
A brute force attack is one of the most straightforward ways for an intruder to gain access. This is where a hacker will simply experiment with different variations of usernames and passwords until they find the right combination.
An easy way to secure WordPress is to ditch the default “admin” login and use something more complex. Otherwise, a cybercriminal has already won half the battle.
3. Use Best WordPress Security Password Practices
Most hackers tend to go for the low-hanging fruit and follow the path of the least resistance. In many cases, this means cracking the password to gain unauthorized entry.
Believe it or not, 81 percent of attacks are the result of unsecured or stolen passwords, making it the primary tactic used.
Therefore, it’s essential to follow password best practices such as the following:
- Use a minimum of eight characters
- Use a variety of uppercase and lowercase letters, numbers, and symbols
- Never use the account holder’s name or personal information
- Set limits on password age (90 days is a good number to shoot for)
4. Use Two-Step Authentication
Two-step authentication is a process that asks for two different pieces of information before a user can gain access to your WordPress site. Although there is an extra step required, which is a bit less convenient, it’s something that I highly recommend.
Why?
It greatly reduces the odds of an unwanted third-party logging in. Even though modern cybercriminals are quite sophisticated, two-step authentication helps creates friction to stop them, making it an excellent deterrent.
The best part is that this is fairly easy to implement, and there are multiple plugins you can use with some of the more popular ones being Duo and Google Authenticator.
5. Set a Limit on Login Attempts
If a user can’t get the correct admin and password combination within two or three attempts, something is fishy. In this case, someone has either made a mistake, or a hacker is trying a brute force attack.
Fortunately, there’s a plugin for that–Login Lockdown. It’s easy to use and enables you to choose how many login attempts are allowed before a user is locked out.
On top of that, it makes a record the user’s IP address and time stamps every failed login, which you’ll have for reference. We find this to be huge for creating a more secure WordPress site.
6. Check the Security of Plugins Before Installing
There are thousands upon thousands of WordPress plugins to choose from, which is a big part of this platform’s appeal. While this allows you to create a robust, fully customized website, it can also create security problems.
More often than not, a plugin will be secure, and you can install it worry-free. However, some are just flat out sketchy, and installing one is inviting trouble.
That’s why we suggest examining the following before you install a new plugin:
- Look into the developer’s credentials
- Look at the reviews and rating
- Look at the number of active installations (the more the better)
- Check the last update (the more recent the better)
7. Use the Google Search Console
Google Search Console is a free service that many people use for SEO. But it also serves another purpose.
It can help you create a more secure WordPress site. Whenever Google Search Console spots any potential security issues, it will automatically notify you so that you can promptly address the situation and ensure that it doesn’t happen again.
8. Disable the WordPress Plugin and Theme Editor
Again, the level of personalization makes WordPress a popular platform. But this can be a double-edged sword, especially when it comes to the ease in which an admin (or supposed admin) can make critical changes to your database.
Case in point is the WordPress plugin and theme editor. Anyone with access can go in and add, edit or delete code, which can be dangerous. Even with good intentions, this can screw up your database and create site usability issues. Or worse, someone can inject malicious code.
That’s why it’s wise to disable this feature by adjusting your WordPress security settings. One of the easiest ways to go about this is to go to your “wp-config.php file” and add the following piece of code:
define( ‘DISALLOW_FILE_EDIT’, true );
Or for a more comprehensive tutorial, we suggest checking out this guide from ThemeSkills.
Fortifying Your Site
WordPress is the go-to platform for many people who are looking to create a professional website but don’t necessarily have a ton of development chops.
Unfortunately, this comes with some inherent security vulnerabilities, which should be on your radar. Following these best WordPress security tips should help you cover all of the angles so that you can keep the bad guys out and run your site with more peace of mind.
Need to maximize the exposure of your Michigan business in search engines? Get in touch with us today.