7 Secrets to Make Your WordPress Website Secure
Nearly half of all websites in the world are powered by WordPress (including the ones we create), so keeping your website secure is essential. WordPress is the most popular Content Management System (CMS) in the world, but how do you keep it secure? Being the top dog comes with issues, and those issues include hackers, and lots of them. No niche of website is safe; every WordPress website is a target. Without taking the correct precautions and security measures, you are putting your website at risk.
But it's not something to lose sleep over. In this post I will give away 10 secrets that I personally use here at L7 to keep our websites secure.
1 - Use a WordPress Security Plugin
In general I am a pretty lazy person, and the thought of having to go through and manually check my website(s) for malware is not appealing to me. Not only that, but having to keep my knowledge of coding practices up to date to recognize this malware is another thing I would prefer not to do. If you're the same as me, having someone or something else do the work for you sounds more than ideal, and this is where WordPress security plugins come in to save the day. A good WordPress security plugin will do everything you need, from scanning for malware to taking care of site security, and will be your site's personal security guard, checking the activity on your website 24/7.
2 - Ensure you use a good hosting company
One of the easiest ways to keep your WordPress website secure is to select and use a solid website hosting company. I understand the temptation of going with the cheapest hosting provider possible to save on costs; however, by choosing to do this you are putting your website directly at risk due to the lowered security that a cheap hosting company may provide. Some issues that may occur with cheap hosting companies include loss of data or your website URL redirecting elsewhere.
Hosting companies in general follow a value ladder, meaning that as the price (cost of hosting) increases, so does the value (hosting services/website security), and vice versa.
3 - Install an SSL Certificate
I would recommend installing a Secure Sockets Layer (SSL) certificate for all websites. SSL was initially required to make a website secure for transactions like processing payments. In the present day, however, Google favors websites with an SSL certificate in search results.
This applies in particular to any site that processes sensitive information such as credit card details and passwords. If you do not have an SSL certificate, all the data between the user's web browser and your web server will be delivered in plain text, which in turn can be accessed and read by hackers.
Most website hosting companies will offer a free Let’s Encrypt SSL Certificate.
4 - Unique Username and Password(s)
Before you get offended that I've even mentioned this, a weak username and password is the downfall of a lot of websites, and having a unique username and password is actually one of the best ways to secure your WordPress website.
If you have multiple WordPress websites, it is essential that you use a different password for each one. To store multiple passwords, it is recommended to use an encrypted database on your computer. An alternative is to use a password manager such as 1Password. In general your data is pretty safe as it is hosted in the cloud; in any case, using a password manager over using the same password across all sites is definitely recommended.
5 - Use two-factor authentication
Following on directly from the last point, an extra step you can take to keep your password(s) secure is to utilise two-factor authentication on your WordPress website. I recommend this because no matter how crazy you make your password, there is still a risk of it getting discovered and exposed. Two-factor authentication is a 2-step process in which an extra step is required after inputting your password. The second method of authentication is usually a One Time Password (OTP) sent to you either by text (SMS) or via email. Two-factor authentication is almost always 100% effective, as the likelihood that the attacker has both your password and access to your smartphone or email is very low.
6 - You can hide your WordPress version
This is beneficial, as the less someone is able to know about your WordPress website the better. For example, if a hacker was able to see that you are using an outdated version of WordPress, their eyes would light up. Your WordPress version, by default, shows in the header of your WordPress website's source code. The easy fix here is always ensuring that your WordPress version is up to date.
You can install a plugin such as perfmatters, which will allow you to hide your WordPress version in one quick click.
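To check what your own pages reveal, the following added example (not from the original post or from any plugin) scans a page's HTML for the generator tag mentioned above. It goes one step further than the post and also looks at the `?ver=` query string on core files under `/wp-includes/`, which normally carries the same version number. The sample HTML and its version numbers are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample of a WordPress page <head>; the version numbers are made up.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.1.1" />
<link rel="stylesheet" href="/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1" />
<script src="/wp-includes/js/wp-embed.min.js?ver=6.1.1"></script>
<script src="/wp-content/plugins/example-plugin/app.js?ver=2.4.0"></script>
</head><body></body></html>"""

class VersionLeakFinder(HTMLParser):
    """Collects places where page markup reveals the WordPress core version."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, version, evidence)

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.match(r"WordPress\s+([\d.]+)", a.get("content", ""))
            if m:
                self.findings.append(("generator-meta", m.group(1), a["content"]))
        # Core assets under /wp-includes/ usually carry the core version as ?ver=
        url = a.get("href") if tag == "link" else a.get("src") if tag == "script" else None
        if url and "/wp-includes/" in urlparse(url).path:
            for ver in parse_qs(urlparse(url).query).get("ver", []):
                self.findings.append(("core-asset-ver", ver, url))

def find_version_leaks(html):
    finder = VersionLeakFinder()
    finder.feed(html)
    return finder.findings

def leaked_versions(html):
    """Distinct version strings an outside visitor could read from the markup."""
    return sorted({version for _, version, _ in find_version_leaks(html)})

if __name__ == "__main__":
    for kind, version, evidence in find_version_leaks(SAMPLE_HTML):
        print(f"{kind:16} {version:8} {evidence}")
```

Run it against the saved source of your own pages before and after enabling a version-hiding option; an empty result means neither location still exposes the version.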
7 - Ensure you always use secure connections
You should always make sure that your WordPress hosting is taking precautions such as SSH or SFTP. SFTP stands for Secure File Transfer Protocol, a network protocol used for file transfers. SFTP is a more secure method than using standard FTP.