If you are new to WordPress security this article will touch on the importance of security and how you can protect your WordPress website. It’s important to note that WordPress is not an inherently insecure platform. It is simply a very popular platform and has a huge number of themes and plugins available, which makes it an attractive target for hackers. One of the biggest misconceptions is that once you have a WordPress website no further work is required. Well, you are wrong. Here are a few basic steps for preventing a WordPress website from being hacked.
WordPress Security 101
WordPress security begins the moment you log into your WordPress website. Always ensure you are logging into the correct website. Check the domain name in your web browser location bar to make sure it is your own website.
In order to log in, you will need a username and password. The username should be something that would be difficult to guess. The password should be a minimum of twelve characters including numbers, letters and special characters. And no, you shouldn’t be writing it down.
Keeping your website up to date
There are three main aspects to your website that you need to ensure are constantly up to date: WordPress itself, the theme you make use of and the plugins you’ve installed.
You should always make sure that your WordPress version is up to date because the WordPress team creates updates to fix security vulnerabilities.
Occasionally a security vulnerability may be discovered in your site theme that allows hackers to gain access. Any reliable theme maker will distribute fixes for vulnerabilities in the form of new theme releases. After reviewing the changes, make sure you upgrade to the newest version of your theme if one is released.
Keeping your plugins up to date and secure is one of the most effective ways to ensure that your WordPress website stays secure. When a new version of a plugin is released, review the changes and upgrade to the newest version as soon as possible, especially if it includes a security fix.
Finding and installing plugins
WordPress plugins are very useful and one of the most powerful features of WordPress. There are tens of thousands of open source plugins available at WordPress.org in the official WordPress plugin repository.
Here are a few important tips when searching for a plugin:
- Only install plugins from reputable sites.
- Only install plugins that you need. The fewer plugins you have, the smaller the “attack surface” that hackers have to access.
- Only install maintained plugins. If a plugin has not been updated in over a year, it is probably not being maintained. This means if a security problem is reported to the developer, they might not fix it.
- Delete deactivated plugins on your site. Deactivated plugins can still provide a way for a hacker to gain entry because the code may still be publicly accessible.
This article briefly touches on the importance of WordPress security, and what you should be aware of if you have a WordPress website. This is a basic introduction to WordPress security, however if you have any problems that we have not addressed in this article then feel free to contact Flicker Leap to speak to one of our WordPress experts.