Safe and Sound: Tips to Keep Your WordPress Site Secure
Almost 30% of the internet is run by WordPress, including major players like the New York Post, Spotify and CNN. But of those sites, 70% are vulnerable to security hacks.
WordPress is a great platform because it can be customized using pre-existing and self-developed plugins and themes, allowing users to focus on site content rather than coding.
While this saves time upfront, it’s critical that these plugins and themes are consistently updated.
Hackers are continually evolving their methods and finding different ways to exploit new and existing infrastructures. Here are some simple ways to help protect yourself and your site.
By keeping a regular update schedule, your installations, themes and plugins will be maximally protected from vulnerabilities. As weaknesses in these things are found and exploited, developers will release new versions of the tool in order to fix it. If you lack the time or tech skills to update your site regularly, we recommend finding a partner who can do it for you.
Use trusted software.
Only use software you trust with your site. Use official plugin and theme repositories and make sure anything you purchase comes with a GPL or other documentation and a recommendation from the WordPress community.
Use data security best practices.
Consider using passphrases instead of passwords, as they’re easier to remember and harder to crack. Don’t share these between sites!
Make SSL your standard.
SSL is the standard security technology for creating an encrypted link between a web server and web browser—so it should be standard for all your site traffic. You know an SSL connection is present when the URL has the HTTPS instead of the HTTP prefix in the address bar. Browsers like Google Chrome, Firefox, IE and others will even display a green lock icon in the address bar. In addition to keeping your user’s data secure, you’ll get an SEO boost—Google actually scores sites higher for using HTTPS. (Ready to upgrade? Your hosting provider should manage it for you, but if you’re flying solo, here’s a great guide for making the switch.)
Limit logins and users.
To protect your site from brute force attacks (the tactic of choice for most hackers), limit the number of times someone from a single IP can attempt to log in to your site within a certain period of time. Limiting the number of users who have admin access to your site and carefully assigning their permissions will also help further secure your site.
By scheduling regular site backups, you’ll know even in the event that your site is compromised, you can revert back to a recent version once you’ve fixed the issue.