WordPress is hands down the most popular Content Management System / Framework in use today. More than 25% of the modern web is powered by WordPress. With such a large number of websites built with this software it’s no wonder that it has become the target of hackers.
How can you protect your WordPress Powered Website?
Your Server
Before I mention any plugins that you can use I want to first talk about your hosting account. You need to protect access to your hosting account by using a unique username, insanely hard & unique password and two factor authentication if provided. The reason this is important is if a person gains access to your hosting account they can head straight to your file manager in your control panel and cause problems that no plugin can stop.
Next I want you to make sure that your database name and password are unique and impossible for anyone to guess. You need to protect your database since that is where all the data from your site is stored and if altered can be detrimental to your site.
FTP/SFTP is another place to focus on. It is recommended to use sftp to transfer files and to change the password to, well you know by now, impossible to crack.
I would also recommend you limit login attempts to your server and make sure to monitor attempts to get in and blacklist IP’s that attempt access.
Your Website
Now on to protecting your website. My first tip is basic. Keep everything up to date. The beauty of WordPress is the fact that it is actively maintained by some very talented developers. It is open source which means that if someone finds a bug, it can be reported and then patched. It is a transparent CMS which is a good thing.
Only use Themes and Plugins from reputable sources. Make sure to keep them updated as well. Updates are a good thing. The same way your Apple Devices or Windows PC or Android System etc need updates, so does your Website.
Then I recommend you use these plugins to help secure your website.
WordFence Security
This security plugin is known for its ability to help fortify your website. It’s feature set is impressive and I highly recommend you install it on your site. Here is a link to download it from the WordPress Repository and take a look at the video which will show you how to install it. WordFence
iThemes Security
Protect your WordPress site by hiding vital areas of your site, protecting access to important files, preventing brute-force login attempts and more. Here is a link to download the plugin. iThemes Security. Check out the video to learn about it’s various features.
Other Tips
I don’t recommend logging into your website or server from a free or untrusted Wifi source. Anyone can be grabbing information over the insecure network. I also recommend securing your routers at home and work by changing the default passwords. Make sure never to share your credentials to your site or server with someone that doesn’t need access. Exceptions might be your web developer who will often have their own credentials or your Hosting Provider that might offer trouble shooting help.
Make sure you are the only admin user on your site and create an author account where you do your day to day postings. The admin account should be used for maintenance purposes only.
These are just a few tips to keep your website secure. If you need any help with your site feel free to reach out.