VPN Articles and News

How To Keep Your WordPress Site Secure

By
Monday, June 2nd, 2014


WordPress is the most popular blogging platform and Content Management System on the web. According to reliable estimates, it is used on more than 60 million websites. Due to its popularity, WordPress based websites are also frequently targeted by hackers and criminals. Since hacking of a WordPress website can lead to loss of content, data and audience and may also result in expensive downtimes, it makes sense to learn how to keep it secure. In this article, we will discuss several methods of securing a WordPress blog.

1) Use Strong Passwords – Using a strong password is your first line of defense against hackers. Choose a password with 8 or more characters (the more the better) containing a mix of alphabets, numbers and special characters. Additionally, you should not use a password that can be easily guessed by looking at the theme or content of your website. For an extra level of security, you may also enable 2-step authentication through plugins.

2) Update WordPress, Themes and Plugins – In order to remain protected from the latest security threats, you should update the WordPress software as well as the plugins and themes installed on your site regularly. This can be done by logging into your WordPress site and checking the notifications available in the Dashboard area. In case you are worried that your WordPress theme or a particular plugin may not work with the latest version of WordPress, you can do a test installation to check the compatibility.

3) Prevent Unauthorized Login Attempts – Since hackers use automated scripts to test the login vulnerability of a website, it is absolutely essential to prevent unauthorized login attempts. This can be done by using a plugin like “Limit Login Attempts” or “Login Lockdown” which can disable the login page after a set number of unsuccessful attempts. Speaking of login security, you should also delete the default admin username and create another user with administrator privileges.

4) Take Regular Backups – Apart from taking security precautions, you should also take regular backups of your WordPress blogs. This will allow you to quickly reinstate your website if it does become a victim of a security attack. There are plenty of good WordPress backup plugins available (for instance, WP-Backup) that can create automatic backups of your WordPress blog, its content and even its database on a daily basis.

5) Choose a Reliable Host – For total security of your site, it is also essential to choose a reliable hosting provider. Check the security features and failsafe mechanisms available to customers before finalizing your hosting company. Most reputed hosting companies provide security from DDOS attacks and even assure a reasonable level of uptime.

6) Use a WordPress Security Plugin – Even though your hosting company may have installed a good anti-virus solution on its servers, it still makes sense to use an additional security plugin for your WordPress blogs. This would prevent your site from getting hacked due to plugin, theme or script vulnerabilities. A lot of free plugins and themes have hidden backdoors installed within them but you can prevent such scripts from launching security attacks and leaking sensitive information by using a reliable security plugin. It is also essential to block access to outdated or sensitive information through htaccess file.

7) Check File Permissions – A lot of security attacks succeed because site owners grant Write or Execute permissions to certain folders. It is worthwhile to check the permissions of the core WordPress directories after installing the CMS (as well as plugins and theme) so that your website doesn’t become a victim of security attacks.


June 2, 2014
Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


4 + 5 =