By: Matthew Nielsen, Published: February 4th, 2020
If you have a WordPress website and want to make sure it's as secure as it can be, here are a few things you can do to keep yourself, your site, and your users more secure.
Keep WordPress updated
Probably the biggest and simplest thing you can do to stay secure is to keep WordPress core up to date. Keeping it updated minimises the chance that someone could use an old vulnerability to compromise your site. Using an up-to-date version of PHP is equally vital. WordPress has a minimum PHP version requirement of 5.6, which was released in 2014 and hasn’t had a security patch since late 2018, so keeping PHP updated is a good idea.
Have a secure password (Might seem obvious, but it still needs to be said)
It’s an obvious tip, but many people still don’t follow it: have a secure login. It’s easy to make sure you aren’t using the default admin login and that you are using a strong password, and doing so can save you a lot of hassle. It’s not just your own login that should be secure, but your users’ logins as well. Enforcing strong passwords on your site protects them as well as you. Using 2FA (two-factor authentication) with your login adds further protection against unauthorised logins.
Keep your plugins updated too
WordPress’s large variety of available plugins and themes lets you easily add features to your site. But each plugin is a potential security vulnerability, which is why you should be careful when adding them. Keeping your plugins up to date is just as important as keeping WordPress core up to date, so make sure to keep on top of it. Another thing to check is when your plugins were last updated. An old plugin that the developer has long since abandoned could have security holes that will never be fixed, so using plugins that are up to date, well known and reliable is always wise.
Something not just related to WordPress is backing up your data. Having extra copies of your data can save you from a myriad of problems, from malware, to data being overwritten, or even natural disasters. A good rule to follow with backups is the 3-2-1 rule. That is, have at least 3 copies of your data, on at least 2 different types of storage, with at least one of those kept offsite, away from the rest.
Have a secure host
On a related note, your hosting service should also be secure. Make sure to use a service that has good security measures and practices, and one that specialises in WordPress hosting is also not a bad idea, as it allows them to specialise their security for WordPress, as opposed to just general hosting security.
Stop login attempts
Obviously don’t stop every attempt, but limiting the number of failed attempts makes it difficult for anyone to carry out a brute force attack. On top of that, restricting idle login time, that is, automatically logging out users who have done nothing for too long, means an unattended session is not left open for someone else to hijack.
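One way to limit failed attempts, written for this article as an added example (it is not code from WordPress core or from any particular plugin). The thresholds, the "exlimit_" names and the file location are assumptions, and it assumes the site is not behind a reverse proxy, where REMOTE_ADDR would be the proxy's address.

```php
<?php
/**
 * Example login attempt limiter (illustration only).
 * Assumed location: wp-content/mu-plugins/exlimit.php
 */

const EXLIMIT_MAX_FAILURES = 5;   // failures allowed before lockout (assumed value)
const EXLIMIT_LOCK_SECONDS = 900; // counter lifetime in seconds (assumed value)

// Build a short transient name from the client IP and the submitted username.
// The hash only keeps the key short and uniform; it is not a security control.
function exlimit_key( $username ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'exlimit_' . hash( 'sha256', $ip . '|' . strtolower( (string) $username ) );
}

// Count every failed login. set_transient() restarts the expiry each time,
// so the lockout lasts until EXLIMIT_LOCK_SECONDS after the most recent failure.
add_action( 'wp_login_failed', function ( $username ) {
    $key = exlimit_key( $username );
    set_transient( $key, (int) get_transient( $key ) + 1, EXLIMIT_LOCK_SECONDS );
} );

// Refuse the login once the limit is reached. Priority 30 runs after core's
// username/password check (priority 20), so this error is not overwritten
// and a correct password is also refused during the lockout.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( '' === (string) $username ) {
        return $user; // nothing submitted, e.g. the login form being displayed
    }
    if ( (int) get_transient( exlimit_key( $username ) ) >= EXLIMIT_MAX_FAILURES ) {
        return new WP_Error(
            'exlimit_locked',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter kept for that login name.
add_action( 'wp_login', function ( $user_login ) {
    delete_transient( exlimit_key( $user_login ) );
} );
```

Because the counter is keyed on IP and username together, it slows repeated guesses against one account from one address; attempts spread across many addresses still need rate limiting at the host or firewall.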
Any website that exists at this point should be using HTTPS; note the S for secure. Using Secure Sockets Layer (SSL), or its successor TLS, means that the communication between your users and your site is encrypted and can’t be snooped on.
Managing a business can be difficult, let alone with what is required to be noticed online. A WordPress website hosted with Prodigi can help your business thrive, as Prodigi can help deal with all the technical stuff so you can focus on what’s important to your business. With automatic or managed updates and a security firewall, your website can stay secure, as well as any data that we can host for you. We also can ensure that your website is backed up, so you’ll never lose any data. And if any problems did arise with your site, Prodigi’s 24/7 monitoring means that it can be dealt with asap, keeping your business’ website up for your customers to see.