A 10 Step Checklist to WordPress Security
With about 65 million WordPress sites on the internet to date, it’s no surprise that WordPress security has become a hot topic. WordPress security has recently been challenged by a wave of brute-force attacks at internet service providers that were targeted specifically at WordPress installations. Understanding WordPress security must become a top priority for all WordPress websites. Knowing WordPress security is essential to avoiding business interruption. You will be happy to know that here at Internet Marketing Decoded we use all of these security techniques to keep this site and your information secure.
1) Remove signs that give hackers clues about your site, including:
A) Remove the WordPress version from the website’s header and don’t tell people what version of WordPress you are running, especially if your version isn’t up to date.
B) Remove your admin user name and replace it with a unique user name and password. Never use the admin user name for the admin login.
C) Remove the login link from your theme. Remember that it appears in the Meta widget.
2) Secure your login by installing plug-ins and systems that do one or more of the following:
A) Limit the number of login attempts an IP address can use within a specific timeframe.
B) Consider adding two-factor authentication, which will require you to enter an additional code to log in. There are a number of these plug-ins available.
C) Rename the “wp-login.php” file to something else (such as “log-in.php”) so that hackers cannot know the correct login URL.
3) Add SSL for your WordPress Admin.
(Note: You will need to contact your web host to have them implement Secure Sockets Layer (SSL) for your WordPress Admin area.)
4) Establish a system to:
A) Scan your site regularly for viruses and malware
B) Update plug-ins and WordPress software
C) Back up your WordPress site regularly
5) Create a strong password to log into your site.
It should include upper- and lower-case letters, numbers and special characters. Your password should have nothing to do with you or your personal life, so that it cannot be guessed, and you should have a system to change it at least once every 90 days. RoboForm is a tool that can help you keep this organized.
6) Utilize reputable and trustworthy providers including:
A) Website designers/developers
B) WordPress Theme developers
C) Ghost/Guest bloggers
D) Virtual assistants
E) Give each provider a unique password, username and administrative login. Change the information after business with the provider(s) is concluded.
7) Change the default table prefix in the WordPress database…
…or have it changed for you, so that hackers cannot easily access your database.
(Note: For a new WordPress installation, you can change the table prefix in the “wp-config.php” file before installing WordPress.) With the WordPressDefender WordPress Security plug-in you can do this on the fly, as well as other things.
8) Uninstall and remove any and all unnecessary themes, plug-ins, and users.
These can introduce vulnerabilities of their own.
9) Use a reputable host with demonstrated security practices and systems in place and a reputation for secure hosting.
(Don’t be afraid to ask. It’s your site.)
10) Create systems to ensure that your back-up system is working effectively and efficiently.
Backing up your WordPress site isn’t a “set it and forget it” event. Create a system to regularly check to make sure your blog/site is backing up effectively.
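The signs listed in step 1 and the default table prefix from step 7 can be checked against your own site. The Python below is an added example, not part of the original checklist or of any plug-in it mentions; the function names, the sample page, the sample wp-config.php text and the version string 9.9.9 are constructed for illustration, and the list of usernames is assumed to be supplied by the site owner.

```python
import re
from html.parser import HTMLParser

class PageScan(HTMLParser):
    """Collect generator meta tags and links that point at wp-login.php."""
    def __init__(self):
        super().__init__()
        self.generators, self.login_links = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", ""))
        if tag == "a" and "wp-login.php" in a.get("href", ""):
            self.login_links.append(a["href"])

def table_prefix(wp_config):
    """Return the active $table_prefix value from wp-config.php text, or None."""
    # Lines commented out with // or # do not start with '$', so they are skipped.
    m = re.search(r"^[ \t]*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]\s*;", wp_config, re.M)
    return m.group(1) if m else None

def audit(html, wp_config, usernames):
    """Return (step, finding) pairs, keyed to the checklist step numbers."""
    scan = PageScan()
    scan.feed(html)
    findings = []
    for content in scan.generators:
        if "wordpress" in content.lower():
            findings.append(("1A", "generator tag exposes: " + content))
    if any(u.lower() == "admin" for u in usernames):
        findings.append(("1B", "an account is still named 'admin'"))
    for href in scan.login_links:
        findings.append(("1C", "theme links to the login page: " + href))
    if table_prefix(wp_config) == "wp_":
        findings.append(("7", "table prefix is still the default 'wp_'"))
    return findings

# Constructed sample inputs (not taken from a real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 9.9.9" />
</head><body><a href="https://example.test/wp-login.php">Log in</a></body></html>"""
SAMPLE_CONFIG = """<?php
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    for step, finding in audit(SAMPLE_HTML, SAMPLE_CONFIG, ["admin", "editor1"]):
        print(step, finding)
```

Feed it the HTML of your own home page and the text of your own wp-config.php; an empty result means none of these four signs were found.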
No blog or website is impervious to hackers. However, when you take these ten WordPress Security steps to protect your site, you will drastically reduce the odds of trouble. It’s well worth the time and effort up front to protect your business down the road.