8 Simple Steps to Keep Your WordPress Site Secure

It’s ironic that securing a WordPress website is called “hardening.” The process is a bit like adding more stones and rocks to bolster a fortress. But, remembering all the details of WordPress security is so much “harder” (and so much more important to keeping hackers away) than a rock wall!

For the longest time, it was possible to pretend that if you didn’t engage in any unsafe web browsing practices and employed a competent host for your website, you would be safe from the malicious actions of hackers. I say pretend because this was never actually true, but it was easy to believe that small business owners just weren’t large enough targets to be worth attacking.

Well, in the age of big-box security leaks, NSA snooping, easily lost mobile devices chock full of personal data, and hackers that are increasingly targeting smaller targets, I would say that the illusion can no longer stand. It is imperative that everyone, even small businesses, protect themselves from the ravages a hacking attack can wreak.

But for many, the barrier to protecting themselves is simply a lack of understanding or a fear of approaching something that seems too technical from the outside. Never fear! There are many steps even the most technically challenged can take to protect themselves, and if you stick around, I’ll tell you about a few.

And since WordPress is pretty soft on defense, it’s seriously important to step up and combat the attacks.

That’s why it’s worth repeatedly telling you about how to best protect your WordPress site. Especially when these 8 simple steps can help even the most technically challenged secure their website.

Keep WordPress, plugins, and themes up-to-date

It’s amazing that something so simple can have such a big impact on site security. Whenever you log in to the dashboard and see that “update available” banner, click it and update your site. If you’re worried about something getting screwed up, just make a backup before installing the update. The important thing is that you do updates regularly. And be sure to update plugins and themes, too, since each is like a “back door” to get into your site and your personal information. Bonus tip: Only download plugins and themes from reliable sources and delete any you are not using.

Limit users… and be careful with usernames and passwords

You can give anyone you want access to your site, but you shouldn’t. Every person who has access is another weak point in your chain of defense, so the only people who should be given access to your site are the people who actually need it in order to accomplish something. Also make sure that when assigning users their usernames, you don’t use anything obvious. DO NOT make “admin” your administrative username, or anything else that resembles your name or the name of your business…and establish strong (hard to guess) passwords. Bonus tip: You might even want to create a two-step authentication process. This means a password is required plus an authorization code that is sent to your phone in order to login to your site (there are plugins for that, too).

Use a security plugin and a firewall

If you want to ramp up WordPress security, then opting for a reputable security plugin is your best bet. These powerful plug-ins can provide comprehensive protection features such as active monitoring, malware and file scanning, blocklist monitoring, hardening, post-hack actions, firewalls, brute force protection, and notifications of potential security threats that have been detected. One of the most reliable and popular options available is the Wordfence Security plugin. Not only does it offer all the key protective measures mentioned above, but users also get an overview of traffic trends and hack attempts. And with pricing ranging from free to $99 per year for one site – or discounts for multiple sites – it’s an excellent value. So, if you’re looking for a secure platform for your WordPress website, be sure to consider the Wordfence Security solution.

Hide author usernames

WordPress is a secure content management system, but it is not immune to hackers. After being hacked myself within a year of launching my first WordPress site, I have since taken extensive measures to protect my website, including removing all WordPress usernames and author links. This is because WordPress usernames are like candy to hackers – too easy to resist.
Strong passwords are known to deter malicious activity, however, they are only part of the solution. Hiding WordPress usernames is an extra security measure that should not be ignored, just as you wouldn’t want your bank’s username openly displayed. This matter is even more important if you’re running an eCommerce business that handles consumer financial information. To protect your WordPress website, it’s essential to take precautions and hide usernames and author links.

Select a top-notch web host with top-notch security

Hands down, this is one of the best security measures you can take. WordPress has said that nearly half of all site hacks occur through the vulnerability of a host. Once you’ve engaged said host, always use strong passwords for your accounts and databases. If you’re not using a password manager to keep track of and generate your passwords, you should be.

Keep your computer up-to-date

Vulnerabilities on your computer (and your users’ computers) can sometimes lead to hacks (something many of us forget). When software patches are released, install them and remind users to do the same. When a new operating system is released, do your best to upgrade as soon as possible. Also, make sure you use a reliable firewall and anti-virus software…and check for and promptly eliminate malware.

Keep your site spotlessly clean

You wouldn’t leave dirty dishes and flatware sitting in stale water for three days in your kitchen sink would you? Of course not. It would be a breeding ground for filth and muck. Every few months, follow our “Spring Cleaning Tips for Your WordPress Website,” like you would your kitchen. It will keep you safe.

Take WordPress security seriously…and get a little added help

Want to make sure that your website is as secure (“hardened”) as possible? Turn to the WordPress security experts at Austin Website Design. We’ll help bolster your fortress and strengthen your defenses in no time!

Leave a Comment