WordPress is still the most widely used website design and development system. The platform makes it easy for anyone with even the most basic PC skills to construct a working website from scratch. Within minutes you could setup a company website with contact forms, maps and live chat features. Best of all, you don’t need any coding experience. WordPress is free and installs within seconds. A few clicks later and your website is ready with a stylish theme and host of plugins to extend the basic functionality. This content management system lets you add pages to your main website and posts to your blog without you having written any HTML.
Why the need to speak about WordPress security? WordPress is an opensource platform. This means that anyone can write code to plug into WordPress. Anyone including hackers and scammers. The source code of the system is exposed so anyone can build plugins and themes. That becomes a little scary and therefore we need to talk about how you can secure your WordPress website.
Look at what happens when you Google “wordpress vulnerabilities”. Click the “News” tab. You will see articles written in the last few hours. WordPress vulnerabilities are real and they may affect you.
Twitter is currently buzzing with news of constant attacks against WordPress sites.
— Eric Vanderburg (@evanderburg) March 17, 2020
Before we dig into WordPress security, let’s look at some general website security elements. You cannot run a website without these, your website will be compromised at some point.
General Website Security
- Secure Hosting
- Your web hosting platform must be reliable and offer a minimum up-time of 99%.
- There will be downtime for maintenance but other than that you need to be up and running all the time.
- The hosting company will provide security at a server level while you take care of your website property.
- Malware Protection
- If your website gets infected with malware or attacked by hackers you could end up being blacklisted at Google.
- Malware protection services guards your website against malicious activity and generally automatically scans your website daily.
- The malware scanners will alert you of any attacks and clean your website up as well.
- SSL Certificate
- The core function of an SSL certificate is to protect data being exchanged on your website.
- Your SSL certificate also verifies you as the website owner.
- SSL certificates also improves your Google rankings as the search engine will prioritise sites with encryption.
- Website Traffic Monitoring
- You will only know what’s happening on your website if you monitor the traffic.
- Google Analytics will show you where your traffic comes from, what they did on your site and determine if a goal was completed.
- The tool is free and available to websites of any size.
- Back-up Solution
- In the event of anything going wrong, restoring a backup of your website should be quick and easy.
- Your hosting provider usually has the solution built-in, best you double-check.
- WordPress websites work with website files and a database. You need the ability to back up and restore both.
Website Security for WordPress
WordPress Security Checklist
While you can never 100% bulletproof your WordPress website, you can certainly take care of some basics.
- Change the Default “admin” username – You can do this on setup. Change it to something complex. You can always recover the details using your email address.
- Limit Login Attempts – There 3rd party apps to assist you with this. It’s regular practice to limit login attempts to 3.
- Change WordPress Database Prefix – WordPress needs a database to run and during your installation tables are created in that database. To identify these tables a text prefix is added to each table. Change this from the default to make it harder for the bad guys to break through.
- Password Protect WP-Admin and Login – These are folders in your WordPress website files. Key information is stored in here so protect it using the file manager’s password protection feature.
- Automatically log out Idle Users – Again, using a third-party app, force idle users to log out.
WordPress Security Plugins
- All in One WP Security & Firewall – Implements and enforces the latest recommended WordPress security practices and techniques.
- Wordfence – Web Application Firewall identifies and blocks malicious traffic.
- cWatch Malware Removal – Web malware detection by cWatch will identify and kill malware that has infected websites followed by remediation services.
WordPress Security Blogs
- Free tips and advice by WPBeginner
- Up-to-date articles on WordFence
- Not just WordPress but anything related to website security on The Daily Swig
Recent WordPress Security Vulnerabilities
- Popup Builder WordPress Plugin Vulnerability
- Themegrill Vulnerability
- WordPress Plugin Duplicator Attack
- ThemeREX Vulnerability
- Flexible Checkout Fields for WooCommerce
How to secure WordPress Website from Hackers
- Update your theme and plugins to the latest versions.
- Remove unused plugins and themes.
- Make sure that your malware scanner is running.
- Perform a back-up of your site and database regularly.
- Check if additional files and folders have been uploaded to your site, run your malware scanner if you notice anything suspicious.
What can I do to manage WordPress security better?
WordPress is great to get you started but it’s a mission to manage a WordPress website. You can never plug and play with WordPress, it’s too risky. How do you work around all these issues? Rather invest in a self-contained design system which requires very few of the elements mentioned here. The 1-grid website builder needs no plugins or themes to be uploaded and the team manages the security on your behalf.
Website Builder Features
- Easy Website Builder Editor
- Drag visual elements to a page and click publish
- Contact Forms
- Google Maps
- Change Colours
- Add Your Logo
- Free Stock Images
- Add Videos
- No plugins to manage
- Built-in security updates
WordPress might be overkill for the website you wish to have. Go with a lighter, more secure system. Check out our Website Builder.