5 Tips for securing your WordPress business site
Update, Update, Update and Auto-Update
WordPress is constantly evolving, so daily there can be updates/patches and fixes. One of the most common ways hackers attack WordPress websites is targeting out of date versions of WordPress, plugins or themes.
There are ways to auto-update WordPress core and associated plugins and theme. We use WordPress manager that maintains these updates for you when enabled.
Remove what is not required
During the life cycle of your website, you might install numerous different plugins and themes. WordPress itself will install its default themes when they are released. We find these unused themes and plugins tend to be the things that never get updated and lead to vulnerabilities.
So we recommend removing those plugins and themes that are no longer required.
Remove the ADMIN and Secure your password
By default, WordPress will install a user called ADMIN, this is the most heavily targeted username for password guessing. To avoid this issue create yourself a new user account (firstname last initial some numbers) and set permissions as administrator. Then delete the ADMIN account.
On the new account you have created, make sure your password is secure. I know it can be a pain to have to type in a jumble of upper, lower case letters, numbers, symbols etc but in the long term it will give you peace of mind.
As you would imagine there are numerous security plugins for WordPress all which do very similar things. Blocking password guessing attempts, Blocking IPs attempting Denial of service and many of these work really well.
We recommend All in One WP Security & Firewall, it’s a great plugin has a huge amount of functionality and can really tighten up your security when it comes to brute force attacks.
Sometimes you are just going to get caught out, it happens. But its better for you to be first to know rather than the last. There are numerous Malware scanning tools out there, both free and paid. These services will monitor your website daily and scan for malware.
We recommend SiteLock, we offer the LITE version for free to all our clients and you can upgrade to the premium/paid version that offers far greater support should the worst happen.