5 tips for keeping your WordPress site secure

October 26th, 2015

Security is extremely important with any website and if it is not taken seriously the result can be disastrous.

Whilst WordPress is a fantastic website management platform it does often come attached with security issues – one of the main reasons for this is due to its popularity – this makes it a common target for hackers who will take advantage of any unpatched holes in your WordPress website or blog.

The aim of this article is to provide 5 tips for keeping your WordPress website secure and safe from hackers.


Tip 1: Keep everything up to date

This is probably the most important tip – having everything up to date puts your WordPress site in a very safe position to begin with; it means that any known security issues will be patched – this is crucial because known security issues are exactly what hackers are looking for.

Keeping everything up to date includes not only the core WordPress installation but also any themes and plugins that you have installed.

A default install of WordPress will automatically install core updates but they can also be installed manually from the dashboard under the Updates menu.

Themes and plugins will not update themselves automatically by default, so these should be monitored in the dashboard – updates for themes and plugins will show up in the same place as the core update notifications.

In addition you should also be aware of any plugins that have out of date or insecure files and functions within them. Some hosting providers will scan for these types of files automatically, or you can employ a website support agency to perform these regular checks for you as part of a website maintenance program.


Tip 2: Use secure passwords

This is a global security tip really and can be applied to many other areas of your online presence. Having a secure password makes it much harder for hackers to break in to your WordPress installation. At the very least a secure password should consist of at least 8 alpha-numeric characters, at least 1 uppercase letter and 1 special character. A strong password should also be something other than a common word found in a dictionary.

All of these factors will make a password harder to guess and will also help to prevent a hacker from using a brute force dictionary attack where a list of passwords are tried automatically.

You should not only use a strong password for your WordPress login but also for your FTP account, website control panel and also your SQL database(s) associate with your WordPress installation.


Tip 3: Disable unused plugins and themes

It is very common in WordPress installations for a lot of unused themes and plugins to be present –this often comes about when changes are made to the website and superseded features are left unmaintained.
This can be a massive security risk because plugins and themes could be left for a long period of time, because they are not in use they could be left and not updated. In addition if support for these themes and plugins ends then the developers may not even provide security updates.

To prevent this risk it is a good idea to uninstall any themes and plugins that are not in use – this will not only make your site safer but it will also make everything easier to maintain and will also reduce the load on your web server.


Tip 4: Limit login attempts to your WordPress site

Limiting the login attempts to WordPress is a pro-active security measure that makes it very difficult for a hacker to brute force their way in to your installation.

This plugin will automatically limit login attempts once it is installed. There are also many other security plugins that will include this feature.

The main benefit from limiting login attempts is that it will stop a hacker from using a brute force attack – in other words trying thousands of passwords automatically until they find the right one.


Tip 5: Keep regular site backups

Rather than being directly related to the security of your WordPress installation backing up your site creates a safety net in case something does go wrong. It doesn’t matter how secure you keep your site the possibility will always exist that you may get hacked.

Keeping regular backups ensures that you always have a way to easily and quickly recover from an attack, should it ever happen.

Some hosting companies will provide you with automatic backups as part of their service but even so it is a good idea to keep an additional backup of your WordPress installation. There are many free plugins for WordPress that make this job easy. There are also some premium WordPress backup providers that offer additional functionality such as offsite storage and automated restores.

CircleBC is a Sydney based digital agency located in Parramatta, we provide website maintenance and security services throughout Australia, including Melbourne, Brisbane, Adelaide, Perth, Canberra and Hobart.