How to make my WordPress site secure: WordPress is amazing, and if you’re reading this blog, we are sure you already know that, but keeping your site secure should be the top of your list when building your new WordPress website.
If you don’t have security in mind, then it could cause you a lot of hassle and frustration down the line. For example, hackers may get into your website and take it down. Not only that, but they could also get inside without you knowing, and install malware that then passes onto your users. As a business, you would not want to give potential customers malware without you knowing.
So at Kaizen Five we have decided on the top 5 best tips for security when it comes to a WordPress website.
Just quickly! If you’re looking for a video version of this blog post, then you can find it below.
Ready? Let’s get started.
1. Keep WordPress Updated
WordPress needs to be updated as soon as a new update comes out if possible. You wouldn’t want to launch a site, not touch it for a year, and then come back and find out that you are 3 or 4 versions late. This would mean hackers can access your website easier if it was out of date whereas a simple update could of potentially stopped them.
The same goes for WordPress plugins. There has been countless time where a plugin has had malicious software installed inside of it. Most of the time the only way to fix this is to either remove the plugin, or wait for a new update which fixes the issue.
2. Use a Strong Password
This has to be one of the easiest ways to protect your website. Simply use a 12 character long strong password using Uppercase letters, lower case letters and numbers and symbols. A great website for this is https://passwordsgenerator.net/.
A lot of people don’t like using long passwords as they’re hard to remember. The best way to get around this is to use a password manager. Here is a great article on why you need to use a password manager: https://www.wpbeginner.com/beginners-guide/what-is-the-best-way-to-manage-passwords-for-wordpress-beginners/.
3. Install a WordPress Security Plugin
You don’t want to constantly check your website every 5 minutes to check for file changes or new code that you never added… and it would also be very very time consuming. So just install a security plugin, as simple as that!
We recommend https://wordpress.org/plugins/sucuri-scanner/. They provide a wide range of security features all for free. Here are some of the features they offer:
- Security Activity Auditing
- File Integrity Monitoring
- Remote Malware Scanning
- Blacklist Monitoring
That’s only a few… they are plenty of more features.
4. Change your WP-login URL
There are plenty of bots out there on the internet world that look for wp-admin links specifically on websites. Once they have found one, they will perform something called a brute force attack. Essentially it just fires random passwords into the website until it gets it right.
Here are 2 ways to prevent a brute force attack. 1. Enable 2 factor authentication. 2. Enable IP tracking for your login page, and if you see an IP that has attempted to login multiple times and you don’t know who they are, just block that IP.
You can change your WP-login url to anything you want, and this can really help stop the bad guys from getting in. Due to a lot of site owners using weak passwords, it is surprisingly easy for brute force attackers to gain access to a lot of websites.
5. Limit Login Attempts
This actually goes hand in hand with tip number 4. If a brute force attack is being attempted on your website, and you limit their login attempts, the chances are that this will deter the attacker as it will take too long for them to get into the site.
Here is a great plugin that we recommend: https://en-gb.wordpress.org/plugins/wp-limit-login-attempts/.
We hope this helps you when it comes to WordPress security. If you’re looking for someone to make your WordPress secure then please get in contact with us at: https://kaizenfive.com//contact-us/.
To learn more about our web services please click here: https://kaizenfive.com/website-development