WordPress is quite simply the most popular website development option out there - about 30% of websites are made from WordPress.
Some more stats:
- In 2017, 4,000 WordPress installs were infected with Malware because of a fake SEO plugin.
- Out of 8,000 virus infected websites…Wordpress accounted for 74% of them!
- 8% are due to terrible passwords.
No one wants to be hacked, it’s the worst – I promise! One of my clients (before they were my client) were getting hacked multiple times a year. The malware that attacked them deleted content and made their site look a mess.
It was a headache for them constantly – never mind the added expense of always having to pay to have it removed (FYI – since being with me, they haven’t had any attacks).
However, you can do your best to avoid this by doing these 5 fast and easy things:
NUMBER 1 - DO BETTER WITH PASSWORDS
Crappy passwords aren’t good for anything, especially for your business website!
If you have used a password ANYWHERE else, you cannot use it again. Please don’t do this.
You can try a software like I use called Keeper Security – it locks down all of my passwords…which means I really only have to remember ONE password. As long as I can access Keeper, I can access any passwords.
Or try creating tougher passwords with 12 letters (at least 2 uppercase), 2 numbers and 2 symbols.
I cannot stress how important this is for everything you do, not just your website.
NUMBER 2- UPDATE WORDPRESS REGULARLY
Every time something changes with security, WordPress updates. They are VERY good at keeping things as secure as they can.
Make sure you update WordPress. Most installs are about 3-4 behind; that’s crazy!
Check every single week to see if there’s a new update – or better yet, let it AUTO update so you don’t even have to worry about it.
An old WordPress install is a huge vulnerability.
If you’re scared to update, then pull a back-up of your whole site first. I use a plugin called Duplicator for this. It’s easy and does the job really well.
NUMBER 3 - USE AN UNUSUAL ADMIN ACCOUNT NAME
When WordPress is first installed it automatically creates an Admin account and SO often people just leave this as is.
Do not do this.
Instead, customize the Admin account name to be something more unusual, like “main23wp”.
On top of that, NEVER use your username as the default for author name. Always change that to show their first name instead of their username.
Handing over usernames to hackers just gives them one less thing to do when they want access to your site!
Stop helping them.
NUMBER 4 - DISABLE WORDPRESS EDITING FROM DASHBOARD
You can edit core WordPress files right from the dashboard (when you login to you website), which means, so can hackers!
Make it harder for them!
Stop allowing edits to take place this way. Access to your core files should only be available via FTP or the File Manager via your host.
While this is slightly more advanced, it’s simple enough that anyone can do it.
Again, and ALWAYS, if you’re worried, pull a full back-up before you do this. Here are the quick steps to do this:
- Login to your core files using FTP or your File Manager.
- Find the wp-config.pho file.
- Add the following code to the file:
// Disallow file edit define( 'DISALLOW_FILE_EDIT', true );
Once complete, you will no longer be able to EDIT files under the Dashboard (Appearance).
NUMBER 5 - DELETE THINGS YOU DON'T NEED
Files, plugins, and themes that just sit there doing nothing are just calling to hackers to use them in their plans.
So, always delete things you don’t use or need.
- Deactivating a plugin is not enough, if you don’t use it – delete it!
- Many people will install a couple of themes when they’re unsure about what one they want to use. Make sure that you delete the ones you did not choose and all but 1 of the WordPress standard themes (I always keep the latest one just in case I need it).
- Delete these unnecessary files via FTP or File Manager:
THESE 5 EASY AND FAST WAYS WILL HELP YOU SECURE WORDPRESS
There are still so many more things you can do. I actually complete 17 security items when I start a new project for a client.
If you have any questions, please let me know.