Learn how to secure your WordPress site with this quick 7 point checkup.
Many authors use a self-hosted WordPress site because of the promotional benefits it offers. But is yours secure?
WordPress is without a doubt the most popular blogging platform. It offers so many features, plugins and functions that when it comes to serious blogging and book promotion, there is no better platform to use.
The advantages of being able to integrate social media sharing, add monetising options and most importantly, gain far more organic traffic from Google and Bing make the small investment in hosting fees, money well spent.
However, due to its popularity, poorly secured WordPress sites are also easy targets for hackers and scammers. Their aim is not necessarily to steal your information, but more likely to try to add or inject malware, adware or possibly viruses into your site. Preventing this from happening is not difficult, but it does mean taking a few simple precautions.
To enjoy all the benefits WordPress offers it is essential to take a few simple precautions to ensure that your site is safe from attack. The following seven simple tips will definitely save you a lot of heartaches.
1. Check your user name
On a new installation, WordPress sets the default administrator username as ‘admin’. The default username setting must be changed, and never used under any circumstances. The way to change this is easy. Add a new administrator user, and select a new username and password. Once done, delete the user with the username ‘admin’. Other usernames to avoid using are your name and your site’s name as they are too easy to guess.
2. Set a strong password
Your password is the number one defence against attack, so make it as strong as you can. Ideally, longer than 8 characters, and it should include two non-alphabetic characters, numbers and an upper case letter. It should not have sequences such as 1234 or abcd.
You should also change your password from time to time. Yes, I know it’s a pain, but changing your password every now and then is by far the best security measure you can take.
3. Remove the meta box widget
WordPress has a default meta widget that gives site visitors links to login and subscribe. Never use this widget on your site, as it is an open door invitation for hackers.
4. Don’t allow subscribers
Even though you can collect subscribers via your WordPress site, it is far safer to collect subscribers via an external email application such as Feedburner, Mailchimp, Aweber or whichever service you choose.
5. Never share your login details
This goes without saying of course. But if you need technical help with a plugin or theme, sometimes a developer may ask you for your login details. Be careful, and only do this if absolutely necessary. If the occasion arises, however, it is worth changing your password after the problem has been resolved.
6. Add monitoring and protection
Wordfence is a popular WordPress security plugin that monitors and blocks unwanted intruders. It is free and is installed on millions of sites. There is a premium version available, but for most site owners, the free version offers more than sufficient protection.
7. Back up your site files and database
There are many plugins that offer backups, and any of them are better than nothing. The most important aspect to consider when looking at ways to backup your site is that your backup files are not stored on your hosting server.
Many free plugins work like this and are not offering you much protection. If you have a problem or are hacked, your server will be where the problem occurs, so having your backups there is pointless, as you may not be able to access them.
I can recommend Updraftplus as it has the facility to store your backup files on external sites such as Google Drive, Dropbox and Amazon S3, as well as many others. The free version offers basic file and database backups. Again, there is a premium version that offers more functionality, and this is what I use as I have a number of sites to protect.
You don’t need to spend a cent to keep your WordPress site safe and secure. But the few minutes you take in checking or implementing the seven points I have listed here will be time very well invested in making sure that your site is as secure as possible.