17 SIMPLE WAYS TO SECURE YOUR WORDPRESS BLOG
WordPress is by far the most popular content management system (CMS) in the world. It is open source, developed by programmers worldwide. Because it is open source, everyone has access to the code, and this is what makes it so attractive to hackers.
The open source development makes WordPress the success it is, but unfortunately, it makes your website more susceptible to security breaches. With all its many advantages, this is the greatest disadvantage of having a self-hosted WordPress website.
Notice I said self-hosted. The free WordPress website is maintained by WordPress.com and they monitor the security. The owner of a self-hosted WordPress is not only responsible for hosting the website, but also for its security.
What if you do not have many resources, or what if you are functioning as a “one man band”? How do you ensure that you get to use the best CMS on the planet while still keeping your site safe from hackers, without major expenses?
There are simple tweaks that most of us ignore, in addition to other things that we can do to secure our site. The journey begins the first time we set up our blog or website on WordPress. Let us look at simple ways to secure a WordPress website for free. I will first look at what you can do while you are setting up your blog, and then at what you can do after your blog is installed.
WHAT TO DO WHEN INSTALLING YOUR BLOG
I will first look at the One-Click Install process. This is what it looks like on our web hosting service, but it is quite similar to other hosting providers.
1. DO NOT USE “ADMIN” AS USERNAME
Using the username “admin” is not advised as hackers are all too familiar with it. Instead, create a word to use as your default username and WRITE IT DOWN in a safe place.
2. USE A STRONG USER PASSWORD
When choosing a user password, the natural thing we do is to choose an easy password that we can remember. Please don’t. This is easy pickings for any malicious automated software. Choose a password that you cannot remember off the top of your head. Choose one that combines different variations of:
- Capital Letters
- Common Letters
- Special Characters
The length of the password is also important. The longer it is, the harder it will be to crack. Try to make it over 14 characters. I suggest going up to 20 or more. WRITE IT DOWN in a safe place for future reference. In addition, change the password frequently. You may use an online password generator like Norton Password Generator.
3. LIMIT LOGIN ATTEMPTS
You will want to limit the login attempts so anyone trying to get into your account will be locked out after “X” number of attempts. Our hosting provides one-click setup of Loginizer, the plugin which allows you to do this. If it is not offered on your WordPress setup, you can install Loginizer after you have installed WordPress. This is one of the simple ways to secure a WordPress website from hackers.
4. CHANGE DATABASE NAME
Change your database name from the default. Use a database name that is original and hard to guess. This will enhance your database’s security.
5. CHANGE TABLE PREFIX
By default, most installs of WordPress will offer “wp_” as the table prefix. Make it harder to crack the database by using something you made up. A table prefix like “fp75_” is much harder to crack than the default.
6. AUTO UPGRADE WORDPRESS
It is good for your site to always have the latest version of WordPress. Whenever WordPress finds a security hole, they fix it and release an update. However, this comes with a problem. When WordPress puts out an update, it sometimes takes a little time for developers to update plugins and themes to work harmoniously with it.
As such, auto-upgrading WordPress can sometimes break your site, until the plugin or theme that is causing the problem is updated by the relevant developer. In that case, disabling the offending plugin or theme usually solves the problem, until they are updated.
If you visit your website regularly, you may not have to check auto-upgrade. You will receive the notification of the update each time you visit your website or blog. However, if you rarely visit, then I strongly suggest you check Auto Upgrade WordPress.
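The settings from items 5 and 6 end up in wp-config.php, so they can be checked after installation. The following is an added example, not part of the original post: a small Python audit of a wp-config.php text. The sample config and the list of guessable database names are constructed assumptions; `WP_AUTO_UPDATE_CORE` and `AUTOMATIC_UPDATER_DISABLED` are WordPress's own constants.

```python
import re

# Constructed sample wp-config.php fragment (not from any real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'blog_user' );
// define( 'WP_AUTO_UPDATE_CORE', true );
define( 'WP_AUTO_UPDATE_CORE', false );
$table_prefix = 'wp_';
"""

# Assumption: a short list of names an attacker would guess first.
GUESSABLE_DB_NAMES = {"wordpress", "wp", "blog"}

# Only lines that start with define(...) count, so // and # comments are skipped.
# /* block comments */ are not handled by this simple parser.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.MULTILINE)
PREFIX_RE = re.compile(
    r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.MULTILINE)


def parse_wp_config(text):
    """Return (constants, table_prefix) taken from active config lines."""
    constants = {name: value.strip("'\"")
                 for name, value in DEFINE_RE.findall(text)}
    match = PREFIX_RE.search(text)
    return constants, (match.group(1) if match else None)


def audit(text):
    """List the settings that still match the weak defaults discussed above."""
    constants, prefix = parse_wp_config(text)
    findings = []
    if prefix == "wp_":
        findings.append("table prefix is still the default 'wp_'")
    if constants.get("DB_NAME", "").lower() in GUESSABLE_DB_NAMES:
        findings.append("database name is easy to guess")
    if constants.get("AUTOMATIC_UPDATER_DISABLED", "").lower() == "true":
        findings.append("all automatic updates are disabled")
    elif constants.get("WP_AUTO_UPDATE_CORE", "").lower() == "false":
        findings.append("core auto-updates are disabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_WP_CONFIG):
        print("WARNING:", finding)
```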
7. AUTO UPGRADE PLUGINS AND THEMES
One of the most common ways your WordPress blog or website can be breached is through outdated themes and plugins. Whenever a security loophole is detected, writers of themes and plugins update to patch the “hole.” This protects your site from being exploited. If you do not update in time, it means you are susceptible to a potential intrusion.
To avoid this, upon installation, choose “Auto Upgrade WordPress Plugins” and “Auto Upgrade WordPress Themes.” By so doing, as soon as a plugin or theme puts out an update, your blog will be instantly upgraded.
8. USE SSL (HTTPS) SECURITY
Secure Sockets Layer (SSL) technology is a front-end security layer for your website that uses encryption to protect the connection between your visitors and your website from intruders. It is identifiable by the green padlock before your website address in your browser. Google is trying to get every website to use it and as such, it is now a small ranking factor for SEO. Find out more about why your website should now have SSL security.
If you host with us, I will install your SSL certificate for free (it can be tricky for beginners).
Looking for a free solution? Check out Let’s Encrypt free open source SSL certificate.
9. USE STRONG PASSWORD FOR YOUR EMAIL
Exploiting email insecurity is a popular way to access websites.
Like the WordPress Admin password, we tend to use passwords that we can easily remember. It is best to use a secure password here as well; one that you are not able to remember. It is best to use combinations of capital letters, common letters, numbers and special characters. WRITE DOWN THE PASSWORD in a safe place. Another tip? Change the password frequently.
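The password rules from items 2 and 9 can be applied locally instead of through an online generator. The following is an added example, not part of the original post: a Python checker and generator built on the `secrets` module. It assumes “common letters” means lowercase letters and that “over 14 characters” means a minimum of 15; the set of special characters is also an assumption.

```python
import secrets
import string

# Assumption: the special characters accepted by the login form.
SPECIALS = "!@#$%^&*()-_=+[]{}"

# Character classes named in items 2 and 9.
CLASSES = {
    "capital letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "special character": SPECIALS,
}


def policy_failures(password, min_length=15):
    """Return the list of rules the password breaks (empty list = passes)."""
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append(f"no {name}")
    return failures


def generate_password(length=20):
    """Draw random passwords from the OS CSPRNG until one meets the policy.

    Rejecting and redrawing (instead of forcing one character per class
    into fixed positions) keeps every compliant password equally likely.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(policy_failures("password"))
```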
10. DO NOT INSTALL PLUGINS THAT ARE OUTDATED
You must have secure WordPress plugins. When your website is up and running, you will need to add plugins to enhance functionality. There are over 48,000 plugins in the WordPress Plugin Directory. When choosing plugins to install, you will see some that may do exactly what you need, but have not been updated for months and may not be compatible with your version of WordPress. Not only may such a plugin have problems working on your site, but it is also a security threat.
It is best to only add up-to-date plugins that work with your current version of WordPress.
11. DELETE THEMES AND PLUGINS NOT IN USE
If you stopped using themes or plugins, it is not enough to deactivate them. Delete unused plugins and themes from your WordPress installation, as they are potential security threats.
12. LIMIT USER ACCOUNTS
If you have other user accounts on your WordPress site, it is best to limit them. If they use weak passwords, it could give unauthorised users access to your installation. If you must have other users, it is recommended that you use a plugin like Force Strong Passwords to ensure the passwords of all users are secure.
13. INSTALL A FIREWALL ON YOUR COMPUTER
This is another layer of protection. It prevents access to your WordPress installation through malware planted on your computer. Check out ZoneAlarm Free Firewall.
14. INSTALL ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL
Wondering how to protect your WordPress site from malware? Install the Anti-Malware Security and Brute-Force Firewall plugin on your WordPress. This plugin will prevent brute-force attacks. Brute-force attacks can be undertaken by either humans or bots continuously trying to log in to your WordPress website with guessed credentials. In addition, it will provide a firewall to block suspicious attacks.
PREPARING TO RECOVER FROM A SECURITY BREACH
No matter how we prepare, the possibility is still there, that our WordPress installation may yet be compromised. There is nothing worse than getting hacked and not being able to restore it. You may have to find a specialist to restore your website, which could cost you “an arm and a leg.” On the other hand, you may lose everything and not be able to recover your site.
As they say, prevention is better than cure, so the best way to prepare for the eventuality is to backup. Two things need backing up:
16. BACKUP DATABASE REGULARLY
If your database is compromised, having a recent backup is a “life saver.” You can restore your website using this backup. Check out WP-DB Manager. WP-DB Manager will allow you to automatically schedule backups that you may access in cases of emergency.
I know this problem all too well. I lost one of my websites that was hacked, simply because I had no database backup. I am still in mourning for all the work I put in and the value of the original content.
17. BACKUP YOUR WEBSITE REGULARLY
Backing up your website means you can restore it at any time. The more regularly you update your website, the more often you want to backup. Check out UpdraftPlus – Backup/Restore. It allows you to make backups locally, or to Amazon S3, Dropbox, Google Drive, Rackspace, (S)FTP, WebDAV & email, on automatic schedules.
17 SIMPLE FREE WAYS TO SECURE YOUR WORDPRESS BLOG
Those were 17 simple ways to secure your WordPress blog for free. If you employ these, the likelihood of your blog’s security being compromised is greatly reduced. Hackers will never stop trying to enter your WordPress installation; you should never stop trying to protect it. You should never stop trying to have the best WordPress security on your blog.
Finally, take nothing for granted. You must always be prepared for the worst by regularly backing up.
A stitch in time saves nine.