Ten+ top tips for keeping your WordPress website secure
Top tips on how to make your website more secure and less hackable much like having an alarm system and sign on your home, it does not stop an attack but will put off potential hackers. They will generally move on to an easier target. It is your responsibility to ensure the security of your website. If you do get hacked or have malware installed, you may be blacklisted at server hosting level and or by Google. If you are in any doubt, use a competent web partner.
1. Original username – do not use the default Admin or Administrator.
2. Original password, use a mix of letters and numbers, caps and special characters. Change this every so often.
3. Limit login attempts to three.
4. Keep WordPress platform up to date – always.
5. Keep any plugins up to date. ONLY use plugins that have been well tried and tested, with great reviews.
6. Ensure that hosting software is kept up to date and can support your updates..
7. Hide wp-config and .htaccess. *Do this only after taking a backup. remember to do regular backups.
8. Employ a security agent like Sucuri to keep your website clean. Using their firewall is a good idea.
9. Use two factor authentication or the Google Authenticator. It is more cumbersome because it asks for a username and passowrd and a pin number that is sent to your phone. Your biometric identification may do for this.
10. Limit back end permissions to staff members to the very minimum they need. Keep the admin priviledges to the Webmaster and company owner or relevant person with responsibility for website security.
Note: Unless totally necessary, disable comments totally.
Is website security your responsibility? Who is responsible?
If you have a website, then someone needs to take responsibility for its security, just as you would your building or your fleet. In the event that you do get hacked, you may lose the website totally or have to have it cleaned and rebuilt. But worse it could damage your reputation if it is used nefariously. You will lose your Google ranking and may even get black listed. Plus the waste of time required to attend to fixing it, could have been avoided by putting some simple protection in place.
Any questions, drop us a line. And if you do want someone to take some responsibility we offer a website support service HERE for peace of mind.