Securing WordPress is an important factor when you own and operate a site powered by WordPress! There are some simple (and not so simple) ways to make your site more secure. The only way to make your website 100% hacker proof would be to take your site offline… something that just defeats the purpose of having a website!
With that said, here are a few of the easy things you can do to make your site much safer and keep you safe from hackers:
1) Keep WordPress Up To Date!
See – nice and simple! First thing to do is back up your website. Once it is backed up, make sure your site is running the latest version of WordPress. To do this, log in to your WordPress Dashboard and click on the “Update now” link when a new version is available. It will be at the top of the screen in a yellow highlighted area.
2) With WordPress Up to Date, Update Your Theme and Plugins!
WordPress is the whole framework, or architecture of your site. You certainly want that to be up to date. You also want to ensure you are running the most recent versions of each of your Themes and your Plugins.
3) Get Rid of Unused Plugins!
Speaking of plugins, only use what is necessary and only keep the ones you are using. A lot of people have deactivated plugins loaded on their site. Even though they are not active, they still can provide a vulnerability to your site. Simple rule here – if it is not active, delete it!
4) No Sissy Username or passwords… EVER!
Rule #1 here – do NOT use ‘admin’ as your username. EVER! Rule #2 – use a strong password – you know, something that looks like this: LJ4ecnK%0MQGLFe. Yes, it makes it more difficult to remember (or even next to impossible to remember). But that is the point! It is much more difficult to hack a password like that than a password like “qwerty12345”. Your password should include upper and lowercase letters, symbols, and numbers. My passwords are at least 15 characters! By the way… a strong username like “eOWqfYqh#R7xhxD” is a GREAT idea!
5) File Permissions
This is a little more techie – set your file and directory permissions to what they should be. Most hacks are a result of file and directory permissions that are like leaving the front door wide open! For most cases, your file permissions should be set to 644 and your folder permissions should be set to 755. If you do not know how to do this, get someone who does!
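An added example (not from the original post) of checking a site against the 644/755 baseline above: it lists files and folders that are looser than that baseline and can tighten them without loosening anything that is already stricter. The function names and the directory you pass in are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress directory against 644 (files) / 755 (folders).
# Names below (loose_files, wp_perm_audit, ...) are illustrative assumptions.

# Files with any bit beyond 644: user-execute, group/other write or execute.
loose_files() {
    r=$1; shift
    find "$r" -type f \( -perm -100 -o -perm -020 -o -perm -010 \
        -o -perm -002 -o -perm -001 \) "$@"
}

# Directories with any bit beyond 755: group-write or other-write.
loose_dirs() {
    r=$1; shift
    find "$r" -type d \( -perm -020 -o -perm -002 \) "$@"
}

# Report: one "ls -ld" line per item that is looser than the baseline.
# Stricter modes (for example a 600 wp-config.php) are left out of the report.
wp_perm_audit() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    loose_files "$1" -exec ls -ld {} +
    loose_dirs "$1" -exec ls -ld {} +
}

# Fix: only remove the extra bits, so nothing becomes more open than it was.
wp_perm_tighten() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    loose_files "$1" -exec chmod u-x,go-wx {} +
    loose_dirs "$1" -exec chmod go-w {} +
}

# Stand-alone use: sh this-script.sh /path/to/wordpress  (path is your own)
if [ "$#" -gt 0 ]; then
    wp_perm_audit "$1"
fi
```

Take a backup before running `wp_perm_tighten`, and run the audit again afterwards; an empty report means nothing is looser than 644/755.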
6) Back It All Up
Are you making backups? Are you storing them off your server? Are you taking them frequently enough? There are various ways to do that (check out this post, Another Post About Backing Up!). Just make sure you ARE doing that. Do not leave it up to your hosting company!
There are more ways to make your site secure and this surely is not ALL the ways. At least it will get you started! A Secure WordPress site is a Happy WordPress site!
pat says
Thanks for the helpful hints Paul. As a non techie I was not aware of the file and folder permission info you gave here and will check with my web helper about them.
Paul says
Make sure you put them to use, Pat! Better safe than sorry!
RAAckerman @ Cerebrations.biz says
It’s amazing how the simple precautions save so much effort later. Another is when clients don’t back up their computers- until they need that already done.
Paul says
I think most people only do that once, Roy! Well, at least I hope it is at most, once!
Sharon O'Day says
Paul, after updating WP recently, I saw my security plugin was outdated so I innocently updated it. Well … even the plugin developer didn’t realize the updated version was incompatible with the new WP. What a mess! And thank goodness for a super web support team in the wings! I had never thought of updating plugins as risky business … but sure learned my lesson.
Paul says
I cannot preach enough about the importance of regular backups! Before I update any plugins or WordPress itself, I take a backup! I hope you do the same, Sharon (and everyone else!)
Glad your support team was available! Whew! That was a close call!