5 Fast and Easy Ways to Secure your WordPress Website

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on whatsapp
Share on email
Share on print

WordPress is quite simply the most popular website development option out there - about 30% of websites are made from WordPress.

Some more stats:

  • In 2017, 4,000 WordPress installs were infected with Malware because of a fake SEO plugin.
  • Out of 8,000 virus infected websites…Wordpress accounted for 74% of them!
  • 8% are due to terrible passwords.

STATS FROM: https://www.codeinwp.com/blog/wordpress-statistics/ 

No one wants to be hacked, it’s the worst – I promise! One of my clients (before they were my client) were getting hacked multiple times a year. The malware that attacked them deleted content and made their site look a mess.

It was a headache for them constantly – never mind the added expense of always having to pay to have it removed (FYI – since being with me, they haven’t had any attacks).

However, you can do your best to avoid this by doing these 5 fast and easy things:

NUMBER 1 - DO BETTER WITH PASSWORDS

Crappy passwords aren’t good for anything, especially for your business website!

If you have used a password ANYWHERE else, you cannot use it again. Please don’t do this.

You can try a software like I use called Keeper Security – it locks down all of my passwords…which means I really only have to remember ONE password. As long as I can access Keeper, I can access any passwords.

Or try creating tougher passwords with 12 letters (at least 2 uppercase), 2 numbers and 2 symbols.

I cannot stress how important this is for everything you do, not just your website.

NUMBER 2- UPDATE WORDPRESS REGULARLY

Every time something changes with security, WordPress updates. They are VERY good at keeping things as secure as they can.

Make sure you update WordPress. Most installs are about 3-4 behind; that’s crazy!

Check every single week to see if there’s a new update – or better yet, let it AUTO update so you don’t even have to worry about it.

An old WordPress install is a huge vulnerability.

If you’re scared to update, then  pull a back-up of your whole site first. I use a plugin called Duplicator for this. It’s easy and does the job really well.

NUMBER 3 - USE AN UNUSUAL ADMIN ACCOUNT NAME

When WordPress is first installed it automatically creates an Admin account and SO often people just leave this as is.

Do not do this.

Instead, customize the Admin account name to be something more unusual, like “main23wp”.

On top of that, NEVER use your username as the default for author name. Always change that to show their first name instead of their username.

Handing over usernames to hackers just gives them one less thing to do when they want access to your site!

Stop helping them.

NUMBER 4 - DISABLE WORDPRESS EDITING FROM DASHBOARD

You can edit core WordPress files right from the dashboard (when you login to you website), which means, so can hackers!

Make it harder for them!

Stop allowing edits to take place this way. Access to your core files should only be available via FTP or the File Manager via your host.

While this is slightly more advanced, it’s simple enough that anyone can do it.

Again, and ALWAYS, if you’re worried, pull a full back-up before you do this. Here are the quick steps to do this:

  1. Login to your core files using FTP or your File Manager.
  2. Find the wp-config.pho file.
  3. Add the following code to the file:
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Once complete, you will no longer be able to EDIT files under the Dashboard (Appearance).

NUMBER 5 - DELETE THINGS YOU DON'T NEED

Files, plugins, and themes that just sit there doing nothing are just calling to hackers to use them in their plans.

So, always delete things you don’t use or need.

  • Deactivating a plugin is not enough, if you don’t use it – delete it!
  • Many people will install a couple of themes when they’re unsure about what one they want to use. Make sure that you delete the ones you did not choose and all but 1 of the WordPress standard themes (I always keep the latest one just in case I need it).
  • Delete these unnecessary files via FTP or File Manager:
    • Readme.html
    • Wp-config-sample.php
    • /wp-admin/install.php

THESE 5 EASY AND FAST WAYS WILL HELP YOU SECURE WORDPRESS

There are still so many more things you can do. I actually complete 17 security items when I start a new project for a client.

If you have any questions, please let me know.

Get my 10 ways your website is saying "NO!" to your clients!

Amanda

Amanda

Amanda Ross is the President of SparkologyLab (SL) and the creator of Brand In A Snap (a division of SL). She loves designing stuff in the digital space, trying different curry recipes, and squishing her puppy, Buffy (the people slayer). The topics she shares about are design how-to's, marketing, and digital tips. You can learn more about her on LinkedIN: www.linkedin.com/in/heyamandar

Leave a Replay

Let's Make Them Rave About You!

Looking for a gorgeous website that also moves visitors from lookey-loos into action-takers?

Cool! Let’s discover what your current website and brand are missing and what needs to be done to make that baby shine like Dorthy’s shoes!

Recent Posts

7-ways-to-making-it-simple-for-people-to-donate-yo-your-cause-online

Take the FREE Quiz!

Find out if your website is making it HARD for people to donate money to your amazing cause.