How to secure a website?

If you’re starting a new WordPress website, you’re probably not thinking about security, are you?

If you run a website, whether business or personal, ensuring that it is secure is important for a number of reasons:

  • To prevent malware (viruses) from being uploaded to your site
  • To prevent phishing emails from being sent via your website
  • To reassure your website visitors that your website is safe
  • To get a better ranking in search engines like Google
  • To protect your business from getting hacked and to protect against losing vital data

The Most Security Issue

WordPress has become one of the most popular platforms for creating websites.

That’s why we want to point out some possible problems here: when your site is hacked, it will cost you a lot of time and effort to restore it. In some cases, you won’t even be able to restore it! The tips in this guide can help you a lot in protecting your WordPress website.

Keep the WordPress Platform, Theme and Plugins Up to Date

Updating WordPress and your plugins to the latest version is very important for security. Every time a security hole is fixed, WordPress releases an update. The same goes for plugins.

The only downside is that some plugins won’t always be compatible with the newest WordPress version. That’s why it’s important to only use plugins that are well maintained.

Enhancements During Installation

Enhancing WordPress security starts during the installation of WordPress:

  • Administrator name: when choosing an administrator name during installation, don’t choose “Admin” or “Administrator”. These are much too easy for hackers to guess!
  • Table prefixes: the default table prefix is “wp_”. Change this to something else, so hackers can’t guess the names of your tables.

Changing the Administrator Name

If you didn’t install WordPress yourself, then your administrator account name is probably “admin” or “administrator”. In this case, you’d better do the following:

  • Create a new user with administrator rights
  • Name it anything you want EXCEPT “admin” or “administrator”
  • Log in with the new administrator account and DELETE the original one!
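
The two installation tips and the administrator rename above can be checked mechanically. The following is an added example, not part of the original guide: it audits the text of a wp-config.php file and a list of (login, role) pairs for the default “wp_” prefix and for guessable administrator names. The function names and the sample data are assumptions made up for illustration.

```python
import re

# Names the guide says never to use for an administrator account.
GUESSABLE_ADMIN_NAMES = {"admin", "administrator"}

# Matches the live assignment in wp-config.php, e.g. $table_prefix = 'wp_';
# Anchoring at line start skips copies that are commented out with // or #.
PREFIX_RE = re.compile(
    r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.MULTILINE
)


def table_prefix(wp_config_text):
    """Return the configured table prefix, or None if no assignment is found."""
    match = PREFIX_RE.search(wp_config_text)
    return match.group(2) if match else None


def audit(wp_config_text, users):
    """users: iterable of (login, role) pairs. Returns a list of findings."""
    findings = []
    prefix = table_prefix(wp_config_text)
    if prefix is None:
        findings.append("table prefix: no $table_prefix assignment found")
    elif prefix == "wp_":
        findings.append("table prefix: still the default 'wp_'")
    for login, role in users:
        # Compare case-insensitively: "Admin" is as guessable as "admin".
        if role == "administrator" and login.strip().lower() in GUESSABLE_ADMIN_NAMES:
            findings.append(f"administrator account: guessable login '{login}'")
    return findings


# Constructed sample input, not taken from a real site.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'x9k_';
$table_prefix = 'wp_';
"""
SAMPLE_USERS = [("Admin", "administrator"), ("maria", "administrator"), ("admin", "editor")]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_USERS):
        print(finding)
```

An empty list means neither default is still in place; only accounts with the administrator role are checked, since that is the account the guide is concerned with.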

Create an Editor Account to Create Content

Okay, the next thing you should do is create a new editor account. This is important because I advise you not to use your administrator account to create content. Only use your administrator account for managing your blog.

For creating content, you should have a user account with editor rights:

  • Create a new user with editor rights
  • Give it a name
  • Test this account

Choose Strong Passwords

This one is actually very easy to do. Just choose a password that’s difficult to guess.

Some tips to strengthen your password:

  • Pick a password that’s at least 8 characters long
  • Choose a short sentence as your password
  • Add numbers
  • Mix capital and lowercase letters
  • Replace letters with special characters

Plugins to Enhance WordPress Security

As with everything else, there are also some great plugins to enhance WordPress security.

Akismet: Akismet is one of the most popular plugins out there. It’s also installed by default. Akismet is the best way to protect your blog against spam comments and trackbacks. And once it’s configured, you don’t have to worry about it.

Better WP Security: Better WP Security is an amazing and free plugin that handles different layers of your WordPress security. This is what Better WP Security does:

  • It creates database backups
  • It has a basic one-click protection button, which is already fine
  • You get an overview of all weak spots of your WordPress installation, and a chance to enhance security in a simple way
  • With the installation and configuration of this plugin, you take WordPress security to another level without ending up with a headache.

Back Up Your Blog

  • A good backup system is vital for EVERY website. Imagine your site gets attacked and you don’t have a backup…
  • Personally, I prefer VaultPress. VaultPress is a service by Automattic, the company behind WordPress. It integrates nicely with WordPress and you don’t have to worry about the technical details. For the past couple of months there has also been an entry-level Lite plan, and it only costs $5 / month.
  • There are a couple of great free backup plugins, for example BackWPup.