Do you really need to improve WordPress security?
WordPress security is less complicated than it used to be. That’s not to say that security is no longer a concern for WordPress website owners.
Just the opposite, actually. Security issues are a constant concern for the developers of WordPress and the entire WordPress community.
To combat security threats, there are many plugins and online services available to help make your website more secure and less vulnerable to hackers and malware. I discuss those options elsewhere, but I want to lay a foundation for WordPress security here. There are some basic things that any website owner/manager can do to improve WordPress security before adding plugins and services.
Here are some foundational aspects of WordPress security upon which to build a stable website security strategy.
1. Anti-virus Software
Keep your computer(s) virus free. I mean every device you use to login to your WordPress site. If you don’t, you risk passing on viruses to your website’s server.
Ideally, find a solution that protects all devices you have that connect to the internet (Windows, Mac, Android, iOS, etc.). Some good options include BitDefender and Kaspersky.
2. Good Web Hosting
Whether you are just starting your WordPress website or you have been at it for a while, make sure you have good web hosting. All web hosts are not created equal. Web server weaknesses actually account for a high percentage of security problems.
For small WordPress websites on a budget, you can get secure, well-supported hosting from companies like HostGator* or SiteGround*.
3. WordPress Plugins & Updates
Whenever WordPress updates come out, install them. Minor updates are usually security patches and should update automatically.
Also, make sure you use plugins and themes that stay current with the latest WordPress updates. If they don’t, consider finding another plugin that performs the same function. Or else consider doing without the plugin.
If you are no longer using a plugin, delete it. Otherwise, it may provide an opening for hackers to get in.
4. Strong Passwords
Make sure all users (especially Administrators) have very strong passwords. Beware of thinking, “It would never happen to my website” or “I need a simple password I can remember.” It only takes one security breach to slow down your business.
Here’s what the experts at WordPress.org say about choosing a good password:
- Do not use any form of your real name, username, company name, or name of your website.
- Do not use any word found in a dictionary, in any language.
- Do not use a password that is too short (use 8 or more characters).
- Do not use numeric-only or alphabetic-only passwords (a mixture of both numbers and letters is best—and adding some symbols is better).
Don’t use the same password for every site you login to. This can be a pain, I know. But if hackers find your password for one login, that will be the first thing they try for another site you login to using the same username.
Keep passwords difficult. If you have trouble with passwords, consider something like this Password Generator or a managed service like LastPass. You can find a good review of password managers here.
Start Building your WordPress Security Strategy
These four areas will immediately improve WordPress security for your website. Once you have laid a good foundation, you can begin building on that by further hardening your WordPress installation. You can further improve WordPress security by adding services like Sucuri* and plugins like iThemes Security.
Here’s a helpful graphic that goes into a bit more detail:
About Steady Digital
We provide a WordPress maintenance plan to ease concerns like:
- Is my website performing at peak performance so visitors get the best experience possible?
- Do I have regular backups of my website in case something happens to my web server?
- What if my website gets hacked?
- How can I get up-to-date, professional training so I can use my website better?
- Who can I trust to do the updates that are beyond my technical or creative abilities?
Tired of trying to maintain your own website? A WordPress maintenance plan might be the solution for you.
* Denotes affiliate link. If you a make a purchase through these link, I may receive a commission. You will not pay more by clicking these links; the partner company pays the commission for recommending them to you.