WordPress Security

Keeping your WordPress Website Safe

Anyone who has had their WordPress website hacked knows just how unpleasant that can be, from getting delisted from blacklists to going through the process of cleansing the site of malware, trojans and viruses, which is an expensive, specialist exercise.

And for those who have lost their content through lack of backups, this is perhaps even more heart-breaking and soul-destroying.

So here’s a brief article on how you can take steps to avoid this happening to your WordPress website.

Prevention is better than cure

OK, so you’ve built your WordPress website, or employed a web designer to build it, but has it been secured? If not, the good news is it’s not too difficult, but you will need to:

  • Create strong passwords
  • Install a security plugin
  • Install a backup plugin

Create Strong Passwords

This is important from the get-go. But first a few words about user names.

WordPress used to create a default user name of “admin” and all you had to do was enter a password during the installation process. However, this was a gift to hackers intent on breaching your security. Knowing that the vast majority of website owners would keep the default user name, the hacker only had to crack the password using dictionary/brute force hacking techniques.

A few years later, WordPress dropped this practice and now a self-chosen user name is also required to replace the now defunct default “admin” one. Just don’t use “admin” as your user name! And if there is an “admin” user on your system, replace it with a different user name.

Cracking passwords is a major method of breaching WordPress websites so having a strong one is vital – check out our article on creating strong passwords.

Install a security plugin

We recommend Wordfence and use it as the security plugin on our own sites and those of our clients. This plugin has a Web Application Firewall (WAF) to protect your site from a variety of attacks.

Furthermore, you can set it up to notify you when an update to a plugin or theme is required, so you only need to check for updates when Wordfence notifies you of one, instead of logging in every day to check for them.

This is particularly useful as updates need to be implemented as soon as possible to avoid hackers exploiting known vulnerabilities in plugins and themes, which happens more often than you may think.

And used in conjunction with the premium version of UpdraftPlus, this will take care of backing up themes and plugins before you carry out an update. This is vital in case an update causes a malfunction on your website – it can and does happen occasionally. Being able to restore the backed-up “old” plugin or theme could save your site from being unavailable while the update issue is resolved.
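An added example (not code from this article) for the “admin” user name advice and the point about applying plugin and theme updates promptly: it audits the JSON printed by WP-CLI's `wp user list`, `wp plugin list` and `wp theme list` with `--format=json`. Using WP-CLI is an assumption, since the article works through plugins; the sample data, function names and severity labels are constructed for illustration.

```python
import json

# Constructed samples in the shape printed by `wp user list --format=json`,
# `wp plugin list --format=json` and `wp theme list --format=json`.
SAMPLE_USERS = """[
  {"ID": 1, "user_login": "Admin", "roles": "administrator"},
  {"ID": 2, "user_login": "site-editor", "roles": "editor"}
]"""
SAMPLE_PLUGINS = """[
  {"name": "wordfence", "status": "active", "update": "none", "version": "0.0.1"},
  {"name": "example-gallery", "status": "active", "update": "available", "version": "0.0.2"},
  {"name": "example-forms", "status": "inactive", "update": "available", "version": "0.0.3"}
]"""
SAMPLE_THEMES = """[
  {"name": "example-theme", "status": "active", "update": "available", "version": "0.0.4"}
]"""


def default_admin_logins(users_json):
    """Logins matching the old default "admin", compared case-insensitively."""
    return [u["user_login"] for u in json.loads(users_json)
            if u["user_login"].strip().lower() == "admin"]


def pending_updates(items_json):
    """Names of plugins or themes for which WP-CLI reports an update."""
    return sorted(i["name"] for i in json.loads(items_json)
                  if i.get("update") == "available")


def audit(users_json, plugins_json, themes_json):
    """Return a list of (severity, message) findings, most urgent first."""
    findings = []
    for login in default_admin_logins(users_json):
        findings.append(("high", f'user "{login}" uses the default name; replace it'))
    for kind, data in (("plugin", plugins_json), ("theme", themes_json)):
        for name in pending_updates(data):
            findings.append(("medium", f"{kind} {name}: back up, then update"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_USERS, SAMPLE_PLUGINS, SAMPLE_THEMES):
        print(f"[{severity}] {message}")
```

On a real site, the three inputs would be the captured output of the WP-CLI commands named above rather than the embedded samples.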

Install a backup plugin

We recommend the premium version of UpdraftPlus and use it as the backup plugin on our own sites and those of our clients. A backup is not a backup unless it’s automated, and backup automation only comes with the premium version of UpdraftPlus.

Set up the plugin to back up your database, plugins, themes and uploads on a rolling 30-day period. When it comes to updates, the software will automatically back up your plugins and themes before you carry out the updates, saving you the hassle of manual backups.

Need help?

If you would like help in setting up and configuring any of these plugins, please contact Kamila on 01522 797520 and she will arrange for a member of the team to get in touch – we even have a fully-managed backup and updating service if you prefer.