WordPress security has become a growing concern over the years, since WordPress has been adopted as the website creation tool of choice for many companies. This is mainly because it can be easily customized and adjusted to fit a company’s specific needs. The goal of this article is to discuss WordPress security, or “hardening” of a WordPress site. Even if you have taken little to no security precautions until this point, it’s likely that you have at least a slight familiarity with some common security tactics.
Did You Know?!
WordPress is the No. 1 content management system (CMS) in use today. It powers 27.3 percent of all sites across the internet as of the end of 2016. This figure comes from W3Techs, a company that tracks the usage of different web technologies across the web.
1) Limit Plugin Use
First things first: if there are plugins not in use, delete them (make sure to delete and not just deactivate, since a deactivated plugin’s files stay on the server). Unnecessary plugins only reduce site performance and speed. I recommend using plugins with multiple features. The fewer you have, the less likely it is for hackers to access your information.
2) Automatic Update Is A Must
If you’re not the type to log in on a regular basis, automatic updates can do wonders for you in the long run. They save you from having to work harder later because a hacker got into your website. By not getting the newest updates, you’re risking a mess in the future. Another great practice is doing site maintenance, since updating alone isn’t always enough. Always double check your website after an auto update, since an auto update that is not properly monitored can crash your website. Make sure to update plugins and themes as well. They do get updated automatically, but it can be at different times. So, in conclusion, if you have a habit of not logging in on a regular basis, this is a great way to make sure your website is up-to-date and secure.
3) Don’t Be Cheap About Premium Plugins
Like most, I understand the appeal of getting a premium plugin for free. It’s an easy alternative to buying expensive plugins that you may only use once, but it’s not the best or the safest option. The pirated plugin might have become infected once it hit an illegal download site, giving a possible hacker control over your website. Just stick with the safe route and pay for the plugin if you need it. Don’t try to skimp on paying the developer for their hard work.
4) Hide the Author Username
WordPress defaults can lead to a security compromise if left intact. They can make usernames visible on your website and reveal information to hackers. Ensure that your website remains under your control by hiding usernames (especially the administrator’s). Use a code snippet that leads hackers back to the homepage of your website whenever they try to find out your username or any other usernames available.
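One way to implement that redirect, added here as an example and not code from the original article: an .htaccess fragment that sends any request carrying a numeric author parameter back to the homepage. It assumes Apache with mod_rewrite and WordPress installed at the web root.

```apache
# Added example: redirect author-ID lookups to the homepage.
# Assumes Apache with mod_rewrite and WordPress at the web root.
# Place this above the "# BEGIN WordPress" line. WordPress regenerates
# everything between its BEGIN/END markers and would drop rules put there.
<IfModule mod_rewrite.c>
RewriteEngine On

# Leave the dashboard alone: wp-admin screens use ?author=<id>
# to filter the post list by author.
RewriteCond %{REQUEST_URI} !^/wp-admin/ [NC]

# Match author=<digits> anywhere in the query string.
RewriteCond %{QUERY_STRING} (^|&)author=\d+ [NC]

# Send the visitor to the homepage. The trailing "?" drops the
# original query string so the author parameter is not carried along.
RewriteRule ^ /? [R=302,L]
</IfModule>
```

This covers only the numeric lookup; a theme that prints author links on posts still shows the author slug, so check the theme templates as well.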
5) Get Rid of PHP Error Reporting
Strengthening the backend of your website can close weak spots or holes. PHP error reporting can lead a hacker onto your server path if a theme or plugin doesn’t work properly, because the error message is shown to the visitor. By disabling your error reports, you won’t have to worry about your website being at risk in this way.
6) Use .htaccess to Protect Pertinent Files
.htaccess is extremely important to make sure your pertinent files are secure. This file affects both how your website structures permalinks and how it controls security. Just a bit of modification with a code snippet can strengthen .htaccess and boost the security of your website.
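A sketch of such a modification, added here as an example and not taken from the original article: it denies web access to wp-config.php, to .ht* files and to leftover backup or log files, and turns off directory listings. It assumes Apache 2.4 (the Require syntax) and a host that allows these directives in .htaccess.

```apache
# Added example, Apache 2.4 syntax. Place outside the
# "# BEGIN WordPress" ... "# END WordPress" block.

# wp-config.php holds the database credentials and secret keys.
# PHP reads it from disk, so it never needs to be served over HTTP.
<Files "wp-config.php">
    Require all denied
</Files>

# Keep .htaccess and .htpasswd themselves unreadable from the web.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Leftover backups, database dumps, editor swap files and logs
# (wp-content/debug.log included) should not be downloadable.
<FilesMatch "\.(bak|old|orig|sql|log|swp)$">
    Require all denied
</FilesMatch>

# No auto-generated file listing for directories without an index file.
# Assumption: the host permits "Options" in .htaccess (AllowOverride);
# if it does not, this line causes a 500 error and must be removed.
Options -Indexes
```

After saving, a request for /wp-config.php should return 403 Forbidden while the rest of the site loads normally.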
7) Log Activity on Your Dashboard
It is important to be able to log the activity happening on your dashboard, in case there are any breaks on your website. Although WordPress keeps track of all activity on your dashboard automatically, it’s a bit hard to use. A plugin like Yoast can log all steps taken by a user (including yourself) and can help to maintain security. Regardless of whether a user has ulterior motives, it can reassure you that any possible mishaps can be handled and documented.
8) Get a Good Hosting Provider
A good hosting provider is a must if you want your website to stay secure. We at Falconics use VPS hosting, which has automatic backups that are moved to cold storage on a weekly basis. What this means is that, no matter what, your website will always be backed up and secured. We also only use US-based hosting. We strongly recommend this because US hosting is held to a much higher standard than many other hosting companies outside the US. That said, if you already have hosting, make sure to verify whether or not it is “Shared”. Shared hosting is fine if you have account isolation (this makes sure the other site doesn’t affect your site). Your web hosting should be as secure as they come.
9) Make Your Login Page Obscure
Obscuring your login page can help to combat hackers. It might only hide certain elements, but it can help to prevent a security breach overall. Relocating or renaming your login page makes it harder for hackers to attack. There are also plugins that do this and work to help maintain security.