October 4, 2016

6 ways to secure your WordPress site

It’s uncomfortable to think about whether or not your WordPress website could get hacked. Unfortunately, 73.2% of WordPress installations are vulnerable to attack, according to WP WhiteSecurity.

Experienced hackers have no trouble finding ways to exploit the vulnerabilities of WordPress and the WordPress plugins you may be using on your site. Here are some ways you can tighten up the security of your WordPress site to avoid a time-consuming recovery.

Choose the best hosting that you can afford

WP WhiteSecurity found that 41% of WordPress hacks were accomplished through a security vulnerability on the hosting platform itself. Now, you can’t manage your hosting company’s security for them, but you can pick a security-minded host. Look for hosting companies that offer malware scanning and detection of infected files. Find out if the host supports the latest version of PHP and MySQL. Check to see if they offer a WordPress-optimized firewall.

Use a strong password

If you’re worried your password isn’t very secure, creating a more secure one is a low-hanging fruit I think you should pursue. Use both uppercase and lowercase letters, numbers, and special characters for your passwords. Many hackers use brute force to break your password. Basically, a program guesses your password over and over until it gets in. A stronger password makes that more difficult.

Limit login attempts

Since hackers often attempt to break in by guessing your password, you should limit the amount of times that somebody can fail to login. There are several plugins available that allow you to set the number of attempts before a user is locked out of the site.

Keep your WordPress version and plugins updated

Failing to update to the latest version of WordPress and plugins is one way to give hackers easier access to your site. As new vulnerabilities are found in a plugin or even a version of WordPress, developers make updates to secure the platform. If you get behind on updating to the latest version of WordPress, you’re an easy target. Installing updates takes just a few minutes, and can save you days of hassle.

Use fewer plugins

The more plugins your WordPress installation has, the more points of weakness there are for a hacker to exploit. If you aren’t using a plugin or a theme that’s still installed, delete it. Consider ways that you could use less plugins if you find you have a large number of them.

Change your login page URL

By default, the login page to WordPress is your URL followed by /wp-admin. Everyone who’s used WordPress for a while knows this, and so do hackers. There are many plugins available that will help you quickly change the location of your login page. This task only takes a couple of minutes and can be an effective first line of defense for your site.

Nobody wants to think about their website getting hacked. But if you spend a bit of time thinking about the weak spots in your site, you’ll be able to strengthen them and make it harder for a hacker to get in.

Share this Article


Reader Interactions

Leave A Reply


Sign up for our monthly newsletter and receive our free guide on successfully subcontracting to developers. Our newsletter will keep agencies up to date on the latest WordPress and SEO news that could impact their client’s websites.