WordPress is the most popular content management system in the world today. That popularity also makes it a target for malicious individuals who mean your site harm. So how do you protect your website from them? There are a few different things that you can do to protect yourself. I'll cover five things that you should add or start doing today.
1) Install iThemes Security
This plugin has many options to help you protect your site. Some of the features that I have found most useful are hiding your login page and blocking users. Changing your login page from the default http://www.yourdomain.com/wp-admin to http://www.yourdomain.com/somethingunique is a good security measure. This makes it difficult for an attacker to guess what your login page URL is and try a brute force attack.
The second benefit of changing the default login URL is that an attacker probing for it will keep getting 404 errors. The plugin will block a user that receives too many 404 errors, as they are perceived as a threat. The same logic applies to the login form when a user enters the wrong credentials: too many failed login attempts will also result in the user getting blocked.
iThemes Security comes in a free and a paid version. The free version is available in the WP repository and can be installed from the plugin directory within your WP install.
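The lockout rule described above (too many 404s, or too many failed logins, gets a client blocked) can be sketched as a log check. This is an added example, not iThemes Security's own code: the thresholds, the five-minute window, the log format, and the assumption that a failed login answers 200 while a successful one redirects with 302 are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
LOGIN_PATH = "/somethingunique"  # the renamed login URL (placeholder from the article)
LIMITS = {"404": 3, "failed_login": 3}  # assumed thresholds, not the plugin's defaults
WINDOW = timedelta(minutes=5)           # assumed counting window

# Constructed sample traffic built with make_line; addresses are documentation-only ranges.
def make_line(ip, clock, method, path, status):
    return f'{ip} - - [10/Mar/2024:{clock} +0000] "{method} {path} HTTP/1.1" {status} 512'

SAMPLE_LOG = "\n".join(
    # A scanner guessing default login URLs: four 404s in four seconds.
    [make_line("203.0.113.7", f"10:00:0{i}", "GET", p, 404)
     for i, p in enumerate(["/wp-admin", "/wp-login.php", "/admin", "/login"])]
    # Password guessing against the real login page: four failures in 40 seconds.
    + [make_line("198.51.100.23", f"10:05:{i}0", "POST", LOGIN_PATH, 200) for i in range(4)]
    # A legitimate user: one typo, then a successful login (302 redirect).
    + [make_line("192.0.2.10", "10:07:00", "POST", LOGIN_PATH, 200),
       make_line("192.0.2.10", "10:07:20", "POST", LOGIN_PATH, 302)]
)

def find_lockouts(log_text):
    """Return {ip: [reasons]} for clients that exceed a limit inside WINDOW."""
    events = defaultdict(list)  # (ip, kind) -> list of timestamps
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, method, path, status = m.groups()
        if status == "404":
            kind = "404"
        # Assumption: a failed login re-renders the form (200); success redirects (302).
        elif method == "POST" and path.split("?")[0] == LOGIN_PATH and status == "200":
            kind = "failed_login"
        else:
            continue
        events[(ip, kind)].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
    blocked = defaultdict(set)
    for (ip, kind), stamps in events.items():
        stamps.sort()
        start = 0
        for end, when in enumerate(stamps):
            while when - stamps[start] > WINDOW:  # drop events older than WINDOW
                start += 1
            if end - start + 1 > LIMITS[kind]:
                blocked[ip].add(kind)
                break
    return {ip: sorted(kinds) for ip, kinds in blocked.items()}
```

Calling `find_lockouts(SAMPLE_LOG)` flags the scanner and the password guesser but not the user who mistyped once; the same function can be pointed at a real access log to see which clients a lockout rule would catch.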
2) Login Screen Captcha
If you haven't hidden your login screen then anyone can find it and begin a brute force attack. This attack is when a malicious visitor runs a script that tries username and password combinations until they access your site. Granted, it takes a bit of time for this to work, but with nothing to stop them that isn't a big deal for the attacker. This is why I suggest you have a captcha installed that will prevent them from doing this.
Captchas, although annoying, make sure that a human is filling in the form and not a bot. A free plugin that can add this to your site is SI CAPTCHA Anti-Spam. This plugin will allow you to add the captcha to your login page to help you deter brute force attacks.
3) SSL Certificate
With any WordPress install I suggest you have an SSL certificate to protect your information. There is no plugin that will give you an SSL certificate; you must buy one. If you are using a shared hosting solution such as GoDaddy, Host Gator, or anyone else really, you can buy it from them. They will install it for you as well. If you took my earlier advice and installed iThemes Security, there is a setting that will force the use of the certificate throughout the site, or just in the admin dashboard part of the site.
If you are using a hosting provider where you have to buy and install the certificate yourself, here is an article to help you out. It is a relatively simple process and can be completed fairly quickly.
4) Regular WP Updates
You should be doing this already; keeping your WordPress up-to-date is crucial. Whenever a new update is released, it generally has security updates that are necessary to keep you safe. This is the simplest of all the actionable items that I have listed.
If you are managing a lot of websites then I would recommend using ManageWP. You are able to add your sites there and update plugins and WordPress core with the push of a button. I would recommend not updating your plugins across all sites each time. Make sure the update is verified for your version of WordPress first. Then update one site and make sure that everything is working.
The last thing that you want to deal with is a bunch of sites with the same issues. Once you have verified that updating a plugin is safe, move forward and update it throughout.
5) Create Regular Backups
In case something happens to your site, make sure that you have a backup handy. For the websites that I manage I use Backup Buddy by iThemes to create backups and send them to a Dropbox account. Backup Buddy is a paid plugin; if you have the budget to buy it I would recommend it. The plugin can be set on a schedule so you can set it and forget it.
If you don't have the budget to buy Backup Buddy you could manually back up your website. You would do this by exporting a copy of your site's database and making a copy of your site files. In this instance, you should make a schedule to back up your database once a week and your files once a month.
When it comes to protecting your site you must stay diligent in its maintenance and care. People will always find new ways to try to break into your site for what seems to be no reason. Don't make it easy on them: it is cheaper to keep up your site and far more expensive to rebuild it.
If for some reason you don't have the time or knowledge to maintain your site, look into alternate solutions.
We offer support services for WordPress websites which you can find by clicking below. In the meantime, if you have any other security methods that you use, add them to the comments below.