With over 1 billion websites on the internet, WordPress remains the most popular web publishing platform. Its popularity is attributable to the fact that it is one of the most user-friendly platforms. Hence, it comes as no surprise that many organizations and individuals have opted to build their websites on WordPress.
However, popularity comes with a price. WordPress websites have been increasingly at the receiving end of malicious cyber attacks. In fact, a 2014 report by WP White Security revealed that of more than 40,000 WordPress sites in Alexa’s Top 1 Million websites in the world, over 70% were vulnerable to cyber threats.
Despite your website being extremely popular, it can be open to cyber attacks for various reasons. Therefore, although your website may not attract vast amounts of traffic like BuzzFeed or Huffington Post, it still pays to play it safe.
Here are 5 key steps you can take to make your WordPress site more secure:
- Settle for a good Hosting Company
Research reveals that over 40% of the websites hacked were due to vulnerabilities in the hosting platform. Prior to hosting your website, check thoroughly for reviews of various internet companies that offer hosting services. Here are some important questions to ask when selecting a hosting company:
- Are their servers optimized for WordPress sites?
- Do they offer support for the newest versions of MySQL and PHP?
- Do they have advanced malware detection capabilities?
- Does the service come with firewall protection optimized for WordPress?
- How efficient is their support service?
- Is their staff up-to-date on the latest WordPress security concerns?
- Do they offer regular (preferably daily) backups?
When starting out, it may be tempting to select a hosting company based on their pricing. But in the long run, it is not a safe approach. After all, with your website, you are building your online presence and you just cannot leave it to chance.
- “Admin” as a username is a strict
Although a simple step, it is often the most overlooked. When you build your WordPress site, the basic login credentials that you are offered have “admin” as the username. Most cyber-attacks are aimed at your wp-admin access point by trying “admin” as the username and several combinations to determine your password.
Create a new user (Users > New User) with a unique username and complex password. Then, delete the user account which has the username “admin,” and you are done. If you are prompted by the question about what would become of the content created under the username “admin”, you can simply assign it to the new username that you created.
- Use a complex password
Do yourself a favor and refrain from using common passwords such as “123456” or “password.” When it comes to securing your login credentials, your password is possibly the most important line of defense against hackers (along with your username). A good password will have a mix of the following elements:
- Mix of capital and simple letters
- Numerics (i.e. 1,2,3…)
- Symbols (i.e. @,$,%,_)
- Have as many as 10-20 characters
- Do not use the same password twice
- Change your password regularly
If you are stuck for choice, go to 1 password and lay to rest your worries.
- Enhance security with two-factor authentication
Two-factor authentication adds another layer of security for hackers who manage to surpass your initial login credentials. Although a bit of a hassle, the benefits that it offers in terms of security cannot be understated. Two-factor authentication is a given for most access points (think Gmail, PayPal).
This form of security works by requiring a user to have more than two pieces of criteria to log in. This can be your username and password complemented by a special access code or pin sent to your mobile device, all of which are needed to gain access. As a result, a hacker who has broken your username and password will also need your mobile device if he is to gain access to your WordPress site.
- Grant access to others on a case by case basis
When your team members or any third party (whom you trust) require access to your site, grant them access on the basis of “Least Privileged.” Under this principle, you will be giving administrative permission to:
- Those who need it
- When they have an immediate task to fulfill
- For the duration that the task is completed
Once the task is completed, removed that user’s admin rights. Also, when it comes to your team, not everyone needs admin rights to perform most of the tasks.
Although the above is not an exhaustive list of things that you can do to make your WordPress site more secure, it gives you a good starting point and puts you leagues ahead of many others. As well, remember to back up your information regularly in preparation for the worst.
Isaac is a passionate online marketer who helps businesses of all sizes in New Zealand and Australia. He is Asia Pacific Director at 3WhiteHats Digital Marketing Agency A blogger on the weekends and recovering coffee addict.
Hi, Very good article. It’s very helpful for everyone.
Thanks for sharing & Keep it up.
Hi Shalini! I am so glad the article was useful. Thanks for stopping by!
That was helpful. But let me tell you, changing passwords frequently is not great with me. I forget them and managing and remembering is hard. Though this double layer security was a new concept i learned.
Hi,
Yeah, I understand changing the password can be a hassle. What I do for my blog is I have a password book and that helps me keep track of my passwords.
Super tips. There seem to be more and more updates due to loopholes and plugin updates. Thx for the reminder on users – I should disable a few that haven’t worked on my site for a while Better safe than sorry.
Hi Rich,
You’re so welcome. I am glad you enjoyed the article.
Hi,
Great article, thanks for providing great information.
keep up the good work
First of all Thanks for this wonderful Article.
This is very helpful article for everyone. Excellent tips and tools for great deal. I really appreciate your input. Thanks for sharing & Keep it up. I will wait your new post.
Hi Muhammad,
Yay! I am glad the article was useful! Thanks for stopping by.
Thank you so much, Nancy, for sharing your knowledge. I’m a newbie. I’m bookmarking your website to get more tips about WordPress.
Thanks for your tips.
I found our site also has same mistakes 🙁
I have to fix it right now!
Plugin updation is very important to make your site more secure.Thanks for tips..
Thanks for the tips. Given the popularity of WordPress, certainly security is not something anybody will want to take lightly.
This is a pretty useful post for every WordPress user. The internet is not secure at all. One can hack any device and can leak your all data. We write content with so many efforts and work hard to create a useful content but if you don’t have proper security, you may face that bad day.
Anyways, thanks for sharing it. Really helpful
Very helpful tips Nancy! 🙂 I was wondering what web hosting company are you using? 🙂 Would love to know. Thanks a lot!
Great article but I am not very good in memorizing anything so I tried to make single password every where any alternative for it
thank you
Two-factor authentication sounds relatively basic, but in reality it’s such a life-saver.
My Amazon account was actually hacked a while ago. I enabled this type of security and haven’t had issues ever since.
The same thing can be done with WordPress and just about any platform you use – as long as it supports this type of technology.
Thanks for reminding everyone of its importance, Isaac 😉
Super tips. There seem to be more and more updates due to loopholes and plugin updates. Thx for the reminder on users – I should disable a few that haven’t worked on my site for a while Better safe than sorry.
Thank you for your wordpress 101 security post, I like the new wordpress auto generated Password option this help me just copy pasting and remembering my password rather then thinking of some combination which i mostly forget in heavy routines.
I was recently attacked and my site taken over. Thanks for the information you put here.
Well formatted article. Thanks for the tips and tricks. Really loved the way you have explained about the security.
Good Hosting is the thing that i will always prefer.
The security for websites and blog in Wordpress should be priority in the checklist … especially SSL security and all other recommendations of this superb article …
Hi Nancy,
WordPress is the most popular CMS and popular thing s can be hacked easily. So, we must take some steps to secure our website.
Thanks for sharing these fantastic tips.
Keep up the good work.
Hii , your tips are very helpful . Thanks a lot for this blog .
I like ur website and article alot…. thanks
nice thanks nancybadillo
Hey, Nancy!!
I agree Wordpress is the most common platform…Disable trackbacks is a very important thing to be done to make our website secure. Your tips will be of great help for many others too.
Hey Nancy,
Amazing stuff., I found it very helpful, thanks for describe all points espcially (Enhance security with two-factor authentication, Grant access to others on a case by case basis) in brief.
Such an informative post for everyone.
Thanks for providing some great information, Keep doing, All the best.
Maria.
very informative post, when a wordpress site got famous some jealous hacker try to take you down but if you keep these things in mind no one would harm your site.
Great tips,
I think the main reason while wordpress is prone to attack has to do with PHP vulnerabilities and how easy it ease to install remote scripts given the needed know hows.
Nevertheless, for small scale sites. I recommend they keep their passwords highly secure.
I’m pleased you enjoyed the recruiting tips. Yes, it’s changing the concept of “selling” to “sorting” – which is much more acceptable.
Sharing my business interests with Family has never been good for me, as they have different ambitions.
Hi Nancy,
Great tips and whenever I install WordPress, I always install mine manually. I’ll then create a very secure database and username.
I still have clients who have sites with the Admin username. It’s crazy, especially since most reliable hosting accounts will set up a secure username with the one-click install.
These are definitely great tips for anyone who is using WordPress as their blogging platform.
Thanks for taking the time, have a great day 🙂
Susan
Two-factor authentication is one of my favorite from this post. I enjoy reading this post. All these steps are very new to me, and I follow the two-factor authentication for my blog. Thanks a lot creating beneficial contents for readers like me. Im was so impressed with your writings and me personally this blog from last three months. I have read and learned a lot from your writings. Naturally this blog rocks….
Hi,
Very nice post, you shared a very nice information for what I am looking for.
I am amazed no one thought of this before! I have gotten more and better information from you in just a few minutes,
Now I am a regular reader of this blog, keep up the good work.
Thank you!
http://www.housebuyersokc.com
Hi,
Very nice post, you shared a very nice information for what I am looking for.
I am amazed no one thought of this before! I have gotten more and better information from you in just a few minutes,Now I am a regular reader of this blog, keep up the good work.
Thank you!
http://www.universaltrimmings.com
Hi Nancy,
Your blog is truly informative.Recently i started a blog site and was searching for how to make a WordPress site more secure and found your article.It’s very informative and I highly appreciate if you continue writing related to maintaining WordPress sites.
Thank you
Shyam
Awesome article. No matter what the security must be first priority of all bloggers. The most awesome method what I like here is two factor authentication. Because this is the most secured method till now.
Hi Thanks for sharing such a nice post
This is helpful because I have to make my blog more secure from any threats and attacks. Thank you for sharing. 🙂
Thanks for the security tips and a great article. Always important to keep my site locked down!