WordPress is a very secure platform, but as one of the most popular website softwares, it is also a very popular target for hackers. The good news is, there are a few relatively simple steps you can take to make sure your site is secure. Don’t want to get technical? Let me secure your site for you! For just $99, I will go through your WordPress install, and perform the steps outlined below. If you choose to host your site with me, I will also continually monitor your site, run weekly backups, and keep your WordPress install, theme and plugins up to date. Send me a note with the contact form, or schedule a consult today!
- Rename the ‘admin’ user. And make sure to use a name that does not include your site name.
Hackers will try common usernames like admin, root, webmaster, and various combinations of your site name. Don’t make it too easy for them, choose usernames that are not easy to guess.
- Enable two factor authentication.
Two factor authentication makes sure it is really you logging in by either requiring a code from the Authenticator app, or texting you a code, when you login from a new location. A minor hassle that can save the major headache of a hacked site. The easiest way to set up two factor authentication is to connect your site to WordPress.com, and use their login.
- Keep your WordPress installation, themes and plugins up to date.
The WordPress community moves quickly to fix vulnerabilities as they are discovered. Make sure you are taking advantage of that by keeping your site up to date. Enable auto updating with WordPress, and any plugins that allow it.
- Disable and delete any themes and plugins you don’t need. Also, delete any inactive users.
Plugins are great, but they also can increase the risk of your site getting hacked. Disabling plugins you don’t use helps minimize the ways your site can be compromised. Each user is also another potential breach, make sure you only have as many administrator or editor accounts as you need.
- Install a security plugin
My personal favorite is Wordfence, their free version provides robust protection from brute force attacks, as well as alerting you to potential security issues on your site.
- Run Regular Backups
If the worst does happen, and your site is taken over by hackers, get back online with a minimum amount of fuss by having a backup ready. Updraftplus is my plugin of choice, it can store backups on the server, or offsite on Google Drive, Dropbox, and other cloud storage options.