Whether you are a WordPress guru with multiple sites, a novice who has just set up your first WordPress site, or somewhere in between, WordPress security is something you need to understand. That knowledge is what keeps your site from being hacked and tampered with. Not knowing which precautions to take endangers your site and can wipe out the hard work you put into making it a success. Below are 9 quick steps to help keep your WordPress site safe and secure.
1. Generate Strong Passwords
This is the first and easiest thing you can do to protect your site. Strong passwords on every WordPress site you run are essential and should be taken seriously. Your password is your first line of defense against attackers, so take the time to make each one strong and unique to that site; a password reused across sites is only as safe as the weakest site it is used on. Guidelines for creating your passwords:
Make sure every password is at least 15 characters long.
Use a mix of uppercase and lowercase letters, numbers, and special characters.
Avoid dictionary words and anything predictable (the site's name, a pet's name, a keyboard pattern); those are the first things a guessing tool tries.
After you've created your passwords, keep track of them with a password manager.
*Warning: Do not write them down!
What is the point of working hard to generate a strong, secure password and then writing it on a piece of paper that can be lost and end up anywhere? There is none!
So keep your passwords in your head and in a password manager that is itself protected by a strong master password. If you are looking for a reliable password manager, two good ones are LastPass and KeePass. LastPass offers a free version and a premium version; KeePass is open source and completely free. The same rules apply to the other credentials that touch your site: the database password in wp-config.php and your hosting, FTP and SSH logins.
2. Keep WordPress Updated
Keeping WordPress sites secure means keeping things updated. That includes:
The WordPress version itself
Plugins and themes
Everything on any VPS you run yourself: operating system, web server, PHP and database
These updates fix bugs, patch security holes, and introduce new features. Apply the security ones promptly: once a vulnerability in a plugin version is public, automated scanners go looking for sites still running it.
If you have multiple WordPress sites to update, there are tools for exactly that. InfiniteWP and ManageWP let you update and manage all of your sites from one dashboard.
3. Do Monthly Housekeeping
Like any house, WordPress needs to be not just updated but kept tidy. Delete any plugins and themes you no longer use rather than leaving them deactivated: a deactivated plugin's files are still on disk and still reachable over the web, so a bug in one can still be exploited if it ships files that run on their own, and it is easy to forget to update something you never switch on. Fewer installed components also means a smaller attack surface and less to keep current.
4. Don’t Look Fresh Out of the Box
When you first install WordPress, delete the default post, page and comment (“Hello world!”, “Sample Page” and the sample comment) so the site doesn’t advertise itself as brand new. Default content left in place tells an attacker that the rest of the install is probably still on its defaults too: the “admin” user, default settings, an untouched configuration.
Next, hide the version of WordPress you are running: an attacker who can read it can look up exactly which published vulnerabilities apply to your site. WordPress announces the version in a <meta name="generator"> tag in the page head and in its feeds. Older themes print that tag directly from the theme’s header.php (wp-content/themes/{name of your theme}/header.php); if yours does, find the meta generator line there and remove it. In current versions the tag is emitted by wp_head(), and the original instructions for that case were to edit wp-includes/general-template.php.
Find the following lines:
function the_generator( $type ) {
    echo apply_filters( 'the_generator', get_the_generator( $type ), $type ) . "\n";
}
and comment out the echo, as shown below:
function the_generator( $type ) {
    // echo apply_filters( 'the_generator', get_the_generator( $type ), $type ) . "\n";
}
Don’t do it that way, though. wp-includes is WordPress core, and the next core update (which you are applying promptly, per Keep WordPress Updated) overwrites the file and quietly brings the tag back; a hand-edited core file will also be flagged by the integrity scanners discussed under Monitoring & Fixing Malware. The supported way is to unhook the tag with a filter from a plugin or your theme’s functions.php, which survives updates. Keep your expectations modest either way: hiding the generator tag does not stop fingerprinting. The version is still readable in readme.html in the web root and in the ?ver= query string WordPress appends to its own script and stylesheet URLs, so remove or block readme.html and strip those query strings as well, and accept that a determined attacker can still infer the version from which files exist and what they contain.
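The supported way to do the same thing, as an added example written for this article (not code from the original post or from WordPress itself): a must-use plugin that unhooks the generator tag and also strips the core version from the ?ver= query strings. It uses only standard WordPress hooks (remove_action, add_filter, the the_generator, script_loader_src and style_loader_src filters) and assumes a stock install; the function name hwv_strip_core_version is made up for this example.

```php
<?php
/**
 * Plugin Name: Hide WordPress Version (added example)
 * Description: Unhooks the generator tag instead of editing core. Put this file in
 *              wp-content/mu-plugins/ (create the directory if needed); must-use
 *              plugins load on every request and are not touched by updates.
 *              Assumes a stock WordPress install; hwv_ names are made up here.
 */

// Refuse to run if the file is requested directly instead of through WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// 1. The <meta name="generator"> tag in the page head is printed by the
//    wp_generator() callback that core hooks to wp_head. Unhooking it is the
//    supported alternative to commenting out the echo in general-template.php.
remove_action( 'wp_head', 'wp_generator' );

// 2. Feeds (RSS/Atom) carry their own generator element, built through the
//    the_generator filter; returning an empty string removes it everywhere.
add_filter( 'the_generator', '__return_empty_string' );

// 3. Core scripts and styles are enqueued with ?ver=<WordPress version>. Drop the
//    argument only when it equals the running core version, so a plugin's own
//    version string (harmless, and useful for cache busting) is left alone.
function hwv_strip_core_version( $src ) {
    global $wp_version; // set by wp-includes/version.php at bootstrap

    $query = parse_url( $src, PHP_URL_QUERY );
    if ( ! $query ) {
        return $src;
    }
    parse_str( $query, $args );
    if ( isset( $args['ver'] ) && $args['ver'] === $wp_version ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'script_loader_src', 'hwv_strip_core_version', 15 );
add_filter( 'style_loader_src', 'hwv_strip_core_version', 15 );
```

Two notes on using it. Removing the ?ver= argument also removes the cache-busting it provided, so purge any page or CDN cache when you update core, or browsers may keep serving the old script. And readme.html is a plain file, not something a hook can hide: delete it or deny access to it in the web server configuration.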
Also, don’t keep the default “admin” username. Brute-force tooling tries “admin”, “administrator” and the site’s domain name first, so an account with one of those names hands the attacker half of the credential for free. WordPress doesn’t let you rename a user from the dashboard: create a new administrator account with a different name, log in as that user, then delete the old “admin” account and assign its posts to the new user when prompted. Bear in mind that the login name is still exposed through author archives (?author=1 redirects to /author/{username}/) and the REST API, so an unusual username is a speed bump rather than a secret; the strong password from Generate Strong Passwords is what actually protects the account.
5. Prevent Multiple Login Attempts
Unauthorized login attempts hit websites every day, most of them from bots guessing passwords against wp-login.php. To protect your sites from them, install a plugin such as Limit Login Attempts (its maintained fork is Limit Login Attempts Reloaded), which locks an IP address out after a set number of failed attempts.
Take the earlier steps first (a strong password and no “admin” account) and treat the plugin as an extra layer, because lockouts keyed on IP address have limits: a botnet spreads its guesses over thousands of addresses and never trips the counter, and behind a CDN or reverse proxy every visitor can appear to come from one address, so check that the plugin sees real client addresses before enabling it or a single lockout will block everyone. Make sure it also counts attempts made through xmlrpc.php, where one request can carry many login attempts.
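To show what such a plugin does under the hood, here is an added example of a minimal limiter written for this article; it is not the code of Limit Login Attempts and is not a substitute for a maintained plugin. It uses only standard WordPress APIs (transients, the wp_login_failed action, the authenticate filter, the xmlrpc_enabled filter) and assumes REMOTE_ADDR is the real client address; the mlt_ names and the limits are made up for the example.

```php
<?php
/**
 * Plugin Name: Minimal Login Throttle (added example)
 * Description: Illustrates how a login-attempt limiter works. Not the code of the
 *              Limit Login Attempts plugin; use a maintained plugin in production.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // never run outside WordPress
}

const MLT_MAX_ATTEMPTS = 5;    // failures allowed before a lockout (assumed value)
const MLT_WINDOW       = 900;  // seconds the failure counter lives (15 minutes)
const MLT_LOCKOUT      = 1800; // seconds a locked-out address must wait (30 minutes)

// Counters are keyed on the client address. Assumes REMOTE_ADDR is the real client:
// behind a CDN or reverse proxy every visitor shares one address and one lockout
// would block them all, so make the proxy pass the real address through first.
// Keying on the username instead would let an attacker lock real users out on purpose.
function mlt_client_key( $suffix ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'mlt_' . $suffix . '_' . md5( $ip );
}

// Every failed login (wrong password or unknown user) bumps the counter; at the
// limit it turns into a lockout. Transients expire on their own, nothing to clean up.
function mlt_record_failure( $username, $error = null ) {
    // Attempts refused by our own lockout also fire wp_login_failed; don't count them.
    if ( is_wp_error( $error ) && 'mlt_locked_out' === $error->get_error_code() ) {
        return;
    }
    $key      = mlt_client_key( 'fail' );
    $failures = (int) get_transient( $key ) + 1;
    set_transient( $key, $failures, MLT_WINDOW );

    if ( $failures >= MLT_MAX_ATTEMPTS ) {
        set_transient( mlt_client_key( 'lock' ), time() + MLT_LOCKOUT, MLT_LOCKOUT );
        delete_transient( $key );
        error_log( sprintf( 'login lockout after %d failures, last username tried: %s',
            $failures, sanitize_user( $username ) ) );
    }
}
add_action( 'wp_login_failed', 'mlt_record_failure', 10, 2 );

// Refuse locked-out addresses. This runs LATE (priority 100) on purpose: the core
// callbacks at priority 20 ignore a WP_Error handed to them by an earlier filter
// and go on to check the password anyway, so an early rejection could be
// overridden by a correct guess. Running after them, our error replaces whatever
// they returned, and a correct password during the lockout still fails.
function mlt_check_lockout( $user, $username, $password ) {
    $until = (int) get_transient( mlt_client_key( 'lock' ) );
    if ( $until > time() ) {
        $minutes = (int) ceil( ( $until - time() ) / 60 );
        return new WP_Error( 'mlt_locked_out',
            sprintf( 'Too many failed logins. Try again in %d minute(s).', $minutes ) );
    }
    return $user;
}
add_filter( 'authenticate', 'mlt_check_lockout', 100, 3 );

// A successful login clears the counter so two typos today don't count tomorrow.
function mlt_clear_failures( $user_login, $user ) {
    delete_transient( mlt_client_key( 'fail' ) );
}
add_action( 'wp_login', 'mlt_clear_failures', 10, 2 );

// Guessing also arrives via XML-RPC, where system.multicall packs many login
// attempts into one request. If nothing you use needs XML-RPC (Jetpack and the
// mobile apps do), turning it off removes that side door entirely.
add_filter( 'xmlrpc_enabled', '__return_false' );
```

The priority on the authenticate filter is the part worth remembering: a limiter hooked too early looks like it works in testing yet can be walked straight past by a correct guess, which is exactly the case a lockout exists to stop.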
6. Monitoring & Fixing Malware
It is just as important to have a tool that monitors your site for malware. A reliable one is Wordfence, which scans your WordPress core, plugin and theme files and compares them with the original copies in the WordPress.org repositories; if a file has been changed, or an unknown file has appeared, you are notified by email. Treat a change you didn’t make as an incident, not a curiosity: an edited core file, or an unexpected new PHP file in wp-includes or in the uploads directory, is the usual sign of a planted backdoor.
Another monitoring option is Sucuri, which offers Website Integrity Monitoring and Manual Website Scanning to stay on top of malware on your site.
Preventing an infection matters, but cleaning up if your site is ever infected matters just as much. Sucuri is also a good choice for that: they offer malware cleanup, and if you sign up after you have already been hacked they will still remove the malware. Two things a cleanup service can’t do for you: the hole the attacker came through (an outdated plugin, a stolen password) must be closed or the infection will come back, and every password, API key and salt the attacker could have read should be rotated. Restoring a known-good backup (see Always Back Up Your WordPress Site) and then patching is often faster and more certain than cleaning in place.
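A minimal version of what these scanners do, as an added example written for this article (not Wordfence’s or Sucuri’s code): hash every file under a directory, compare against a manifest of known-good hashes, and report modified, added and missing files. The fixture directory and manifest are constructed inline so the script runs offline; for a real install the manifest is the "checksums" object in the JSON from https://api.wordpress.org/core/checksums/1.0/?version=<version>&locale=en_US, which is the data WP-CLI’s wp core verify-checksums consumes (MD5 because that is what the API publishes). The function name integrity_report is made up here.

```php
<?php
// Added example, not Wordfence's or Sucuri's code: a minimal file-integrity check
// that compares files on disk with a manifest of known-good MD5 hashes, in the
// same relative-path => md5 shape as the WordPress.org checksums API.

/**
 * @param string $root     directory to scan (your WordPress root in real use)
 * @param array  $manifest relative path => expected md5 hex digest
 * @return array 'modified', 'added' and 'missing' lists of relative paths
 */
function integrity_report( $root, array $manifest ) {
    $root   = rtrim( $root, '/' );
    $onDisk = array();
    $files  = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $root, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $files as $file ) {
        $rel            = substr( $file->getPathname(), strlen( $root ) + 1 );
        $onDisk[ $rel ] = md5_file( $file->getPathname() );
    }

    $report = array( 'modified' => array(), 'added' => array(), 'missing' => array() );
    foreach ( $manifest as $rel => $expected ) {
        if ( ! isset( $onDisk[ $rel ] ) ) {
            $report['missing'][] = $rel;   // a core file was deleted
        } elseif ( $expected !== $onDisk[ $rel ] ) {
            $report['modified'][] = $rel;  // a core file was edited (backdoor, or your own patch)
        }
    }
    // Files the manifest knows nothing about. A web shell dropped into wp-includes/
    // is "added", not "modified", so this list matters as much as the other two.
    $report['added'] = array_keys( array_diff_key( $onDisk, $manifest ) );
    foreach ( $report as &$list ) {
        sort( $list );
    }
    unset( $list );
    return $report;
}

// ---- constructed fixture so the script runs offline ----
$root = sys_get_temp_dir() . '/wp-integrity-' . uniqid();
mkdir( $root . '/wp-includes', 0700, true );
file_put_contents( $root . '/wp-includes/version.php', "<?php \$wp_version = '6.0';\n" );
file_put_contents( $root . '/wp-includes/general-template.php', "<?php // pristine copy\n" );

// Manifest taken from the pristine files (in real use: downloaded from the API).
// The third entry stands for a file the manifest expects but which is absent.
$manifest = array(
    'wp-includes/version.php'          => md5_file( $root . '/wp-includes/version.php' ),
    'wp-includes/general-template.php' => md5_file( $root . '/wp-includes/general-template.php' ),
    'wp-includes/load.php'             => md5( 'expected but absent' ),
);

// Simulate a compromise: one core file edited, one unknown file dropped in.
file_put_contents( $root . '/wp-includes/general-template.php', "<?php // tampered copy\n" );
file_put_contents( $root . '/wp-includes/class-helper.php', "<?php // not a core file\n" );

print_r( integrity_report( $root, $manifest ) );

// Remove the fixture.
foreach ( glob( $root . '/wp-includes/*' ) as $f ) {
    unlink( $f );
}
rmdir( $root . '/wp-includes' );
rmdir( $root );
```

Run it with php on the command line: the report lists general-template.php under modified, class-helper.php under added and load.php under missing. Pointed at a real install with the API manifest, the same function reports exactly the three conditions a scanner emails you about; anything under "modified" that you didn’t change yourself, and anything under "added" ending in .php, is the first thing to look at.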
7. Choosing a Hosting Provider
Many people choose shared hosting for their WordPress site, but it isn’t necessarily the best choice if security is the goal. On a shared server your site is one of many, and your safety depends on how well the host isolates the accounts from each other: if one of the other sites on the server is compromised and the isolation is weak (a shared PHP user, world-readable wp-config.php files), the attacker can read or write your files too.
Running your own VPS may not be right for you either, given the knowledge it takes to manage and the cost; you become responsible for patching the operating system, web server, PHP and database yourself. Managed WordPress hosting may be a good alternative. Many steer clear of it because it tends to be more expensive, but it is well worth it considering the risks that come with generic shared hosting.
With managed WordPress hosting you get hardened servers, a faster site, support, and automated backups done for you. A few of the widely known managed WordPress hosts are WP Engine, Synthesis, and Pagely. Start by checking those out and see which one suits you best.
8. Always Back Up Your WordPress Site!
Always keep a backup of your WordPress site, both the files and the database, in case the site is hacked or you make a mistake and need the originals back. Two reliable tools are BackupBuddy and VaultPress. Store the backups somewhere other than the web server itself (an attacker who gets into the server gets any backups kept there too), keep several generations so you can go back to before an infection started, and test a restore from time to time so you know the backups actually work before you need them.
9. Stay Current
Staying current is essential, not only for WordPress security but in every area of your site. There is always a new version, plugin, method or feature in the works, and if you don’t keep up, your site falls out of date; as said above, an out-of-date site is the one that gets hacked. Following the steps above will go a long way toward keeping your site safe, but you also have to keep up with how WordPress security changes over time.
Preventing your site from being hacked is a lot easier than repairing the damage after it has been compromised. So stay on top of it!