5 Easy Tips to Secure Your WordPress Site & Prevent Hacking
WordPress is the backbone for approximately 25% of the websites online today. For that very reason, it’s a major target for hackers. At MB3, we do a lot of work with WordPress, and so we often make recommendations to our clients on keeping their sites secure. Here are the top 5 pieces of advice we give them (and now you) to secure their WordPress sites and prevent hacking:
Use a secure, “Aaron Approved” password.
We have a running joke with our clients that when we give them the login information for their site, the passwords are very complex and difficult to remember. These passwords are created by our CTO, Aaron, and are that way for a very good reason. You need a strong password for all of your online accounts – not just your website. A strong password includes letters (upper and lower case), numbers, and symbols – at least 8-10 of those elements combined randomly. Don’t use any information that can easily be googled or that a family member might already know. Your name, kids’ names, pets’ names, birthdays, street names – none of these are secure. The same goes for obvious passwords such as ‘love,’ ‘1234,’ or even ‘password’. If it’s easy to say or easy to remember, it’s easy to hack.
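The password advice above, as an added example that is not part of the original article: a Python sketch that checks a password against those criteria and generates a random one that passes. The 10-character floor, the 16-character default and the `personal_terms` parameter are assumptions made for the example.

```python
import secrets
import string

# Character classes the article asks for: upper, lower, numbers, symbols.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
# Obvious passwords quoted in the article.
OBVIOUS = ("love", "1234", "password")
MIN_LENGTH = 10  # assumption: upper end of the article's "at least 8-10"


def weaknesses(password, personal_terms=()):
    """Return the reasons a password fails the advice (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, chars in zip(("upper", "lower", "digit", "symbol"), CLASSES):
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    # personal_terms (hypothetical parameter): names, birthdays, street names.
    for term in (*OBVIOUS, *personal_terms):
        if term and term.lower() in lowered:
            problems.append(f"contains '{term}'")
    return problems


def generate(length=16, personal_terms=()):
    """Draw random passwords from the OS CSPRNG until one passes every check."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate, personal_terms):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs: a pet name plus a year, then a generated one.
    print(weaknesses("Fluffy2014", personal_terms=["fluffy", "2014"]))
    print(generate(personal_terms=["fluffy", "2014"]))
```

The generator uses `secrets` rather than `random` so the characters come from the operating system's cryptographic random source.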
If you’re having trouble coming up with something random, there are great resources out there:
Keep Your Site Updated.
Developers in the WordPress community are constantly making changes to the platform, its themes and its plugins to make it as secure as possible. Always make sure you’re running the latest version of WordPress, and make sure all your themes, plugins and add-ons are up to date. In your WordPress dashboard, you should see alerts if something needs updating. At the bottom of your screen you will find the version of WordPress that you are running, and you should get notified when you need to update.
Back It Up!
Backups are essential before making any updates. Ideally you should be backing up your website frequently anyway to make sure you have the latest version on file. That way, in the event you are ever hacked, you can easily revert to a previous version of your site that hasn’t been hacked. Luckily there are some great backup options out there for WordPress: VaultPress, BackupBuddy and CodeGuard are the three most common.
Install an SSL Certificate.
SSL, or Secure Sockets Layer, adds a layer of encryption to the transfer of data between your website and its database. It helps protect user information from being captured and read in between the two – think entering an email address to sign up for a newsletter. An SSL certificate is what puts HTTPS in your URL and that little green lock icon next to your website URL at the top of your browser. These things signal to visitors that your website is secure. If you don’t have this set up, you’ll need to purchase, activate and validate, then install your certificate.
Install a Security Application.
There are tons of security applications and plugins out there that help protect your website behind the scenes. The features of each plugin vary depending on which one you choose and how much it costs. When looking for one, you’ll want to make sure it: fixes known WP/plugin holes, scans sites for malicious files, stops or prevents attacks, and helps strengthen your user credentials. There are also more comprehensive options such as Cloudflare, which offers site and speed optimizations as well as firewalls and protection against DDoS attacks. If you’re unsure how to find the best tool, check with your developer.
Secure Your Forms.
Forms are a great way for you to collect user information and for your consumers to engage with your site, but they can also open a door for hackers. If your website uses forms, there are a few steps you can take to make sure they are secure. Be sure you have that SSL certificate set up and installed. You may also want to disable auto-fill so a user’s information is not stored and vulnerable to attack if they use a public computer or have a stolen phone. Adding a captcha system also helps – there are some traditional options, and some fun alternatives you can set up such as Sweet Captcha.
The security of your website and your customers’ information should be a top priority. There are lots of things your developer should be doing to protect your website on their end as well, so be sure to discuss website security with them. If you don’t have a developer, reach out to a local web development agency (hi there!) and ask how they can help.