As you are probably aware, Lime Canvas is a WordPress agency. Everything we do for our clients and partners in some way involves WordPress. We are also very actively involved in the local WordPress communities in Sydney and Dublin.
So below you will find 5 WordPress security tips that you absolutely MUST implement if you have a WordPress website. Believe me when I say that if these tasks seem challenging now, ignoring them will
Prevention is better than cure, as the expression goes.
1 – Do not have admin as your username
Some of the quick installers web hosts provide to set up WordPress will either use “admin” as an example of a username or will actually use it as the Administrator account’s username.
Like drugs – just say no. Every time you say yes to “admin” as your WordPress Administrator account username, somewhere else in the world, a hacker rubs his or her hands in glee and a baby kitten dies.
What your site username(s) are is something you need to check and luckily
Simply click on the menu item on the left
If you are uncertain, go and check this right now. By using admin as your username, you reduce a brute-force attacker’s workload exponentially: the username is already known, so all they need to do is brute-force your password.
These Brute Force Attacks on WordPress have been a real problem lately and although the large scale
2 – Use a secure password
This is so basic, and yet almost without fail new clients that come on board with Lime Canvas have WordPress administrator accounts with passwords that are shockingly weak.
A secure password is a string of characters with 12 digits which are a mix of letters, numbers,
I recommend using a password manager that generates (and securely stores) really robust passwords. This one is free and works great on all good browsers (and some of the crappy ones like Internet Exploder).
3 – Make sure you have WordPress backups
For large scale backups or a backup
If you just have one or two sites, there is a very user-friendly plugin that you can use to back up your WP installation to Dropbox on a schedule. Keep multiple backups.
This will require a Dropbox account but those can be set up for free, so there really is no excuse for not having your own backups.
4 – Install a security plugin
There are a lot of different options available that offer an array of firewall features & functions. At an absolute minimum, whichever you choose should limit login attempts.
Wordfence Security is probably the most well known and widely used and would be my personal preference.
5 – Always keep your plugins and themes up to date
This is the first thing most web hosts will blame as being the cause of a security breach should one happen to you (whether it is or not!). The updates pushed out by plugin developers regularly fix security holes, so it’s important that you keep your installations up to date at all times.
If you manage a good number of websites this can add up to a good chunk of work. Unless of
If you’ve read this post thinking that I’m being overly cautious or exaggerating, please understand that WordPress as a platform is very secure. However, we get a sizable volume of queries every week from people whose sites have been hacked and who are looking for us to provide a WordPress security solution.
Good luck and stay secure!
I’d love to hear from you if you’ve had any experiences with having your WordPress website breached and what your experience was with getting it fixed…