WordPress is hugely popular and understandably so. It's the most popular content management system (CMS). In fact, approximately 35% of the websites on the internet use it, which works out to roughly 455,000,000 websites. According to Quantcast, of the top 10k websites, WordPress holds a 38.03% market share. In other words, WordPress is even more popular among highly-trafficked websites. However, only ⅓ of all those websites are running the latest, most secure version of WordPress.
So you've got a WordPress website but you're concerned with its security. Not to worry you, but your concern is justifiable. However, by the end of this article, you'll have the tools to significantly improve the WordPress security of your website.
- Update your theme and plugins
- Use strong passwords
- Change the default web address to login
- Use a security plugin
- So what's next?
Update your theme and plugins
Let's begin with a basic but essential part of WordPress security. WordPress is open-source software that is regularly maintained and updated. By default, WordPress automatically installs minor updates, but for major releases you need to initiate the update manually.
However, WordPress also comes with thousands of plugins and themes that you can install on your website. These plugins and themes are maintained by third-party developers, who regularly release updates as well. No doubt your website is running a number of plugins and at least one theme (unless you're using Oxygen Builder). Making sure you keep these up to date is crucial.
By staying up to date, you decrease the chances of wannabe hackers exploiting loopholes or weaknesses that have since been fixed. It's simple and easy, so do it right now. Check your website and make sure your plugins and theme are on the latest version.
Use strong passwords
This one may seem pretty straightforward, but sadly, it's still often missed. The most common WordPress hacking attempts use stolen passwords. You can make that difficult by using stronger passwords that are unique to your website. Not just for the WordPress admin area, but also for FTP accounts, the database, the WordPress hosting account, and your custom email addresses, which use your site's domain name.
Many beginners don't like using strong passwords because they're hard to remember. The good thing is that you don't need to remember passwords anymore. You can use a password manager. Oftentimes your web browser has an inbuilt password manager, or you can invest in an external one such as 1Password or Dashlane. They'll help you to generate strong passwords, even using special characters, which mathematically are a bazillion times harder to crack than a regular word (please never use "123456789" as a password!). Using a password manager also helps to prevent duplicate passwords across accounts, meaning every website has a different password, which is always good practice.
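To put a number on "a bazillion times harder", here is an added example (not from the original article) that estimates the brute-force search space of a password and generates one independent random password for each of the accounts listed above. The account labels and function names are illustrative assumptions.

```python
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and special characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def search_space_bits(password):
    """Upper bound on brute-force work: length * log2(pool of classes used).

    Real attacks try leaked and common passwords first, so a string like
    "123456789" falls far sooner than this figure suggests.
    """
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def generate_password(length=20):
    """Random password from a CSPRNG with at least one character per class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in c for ch in candidate) for c in CLASSES):
            return candidate

def passwords_for(accounts, length=20):
    """One independent password per account, so one leak opens one door."""
    return {name: generate_password(length) for name in accounts}

# Accounts named in the article; the labels themselves are illustrative.
ACCOUNTS = ["wp-admin", "ftp", "database", "hosting", "email"]

if __name__ == "__main__":
    for name, pw in passwords_for(ACCOUNTS).items():
        print(f"{name:9} {search_space_bits(pw):6.1f} bits")
    print(f"123456789 {search_space_bits('123456789'):6.1f} bits")
```

Each additional bit doubles the number of guesses, so the gap between the two figures printed is a factor of roughly 2 to the power of 100.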
Change the default web address to login
The default web address to log into the backend of your WordPress is yourwebsite.com/wp-admin. Most WordPress websites never change this default web address, meaning a hacker knows where to begin should they want to attempt to hack your website through a poorly chosen password.
Changing your default login web address will significantly improve the security of WordPress-based websites. For example, you could change it to:
- yourwebsite.com/login
- yourwebsite.com/login-website
- yourwebsite.com/get-access
To do this, you'll need some web development experience, but if that's not you, use the iThemes Security plugin. One of the features of this free security plugin does exactly this. We'll talk more about it in the next step.
Use a security plugin
The above three steps cannot be done by a security plugin - these are things you must do. However, there are a number of other security measures you can use to improve the WordPress security of your website just by using an off-the-shelf plugin. We recommend iThemes Security and regularly use it on our clients' websites.
It's able to:
- Monitor failed login attempts
- Scan for malware
- Change the default web address to login
- Backup your database
- Harden file permissions
- Implement other basic security measures
So what's next?
Spend some time going through your website and improving its WordPress security. Begin by implementing these 4 steps and you'll be on your way.
However, you're not alone in this battle to keep your website secure. Our team of developers is able to provide feedback on your current security measures and even implement measures themselves.
We also advise having a website maintenance package. Our current packages offer WordPress, theme and plugin updates as standard and even a backup feature, so if your website is ever compromised, we'll be able to turn back time to a moment when your website was okay. Included in these packages is free development time in which you'll be able to make changes to your current website and grow your business sales.
Get in touch with our team today and they'll be able to help.