Can You Secure Your WordPress Website?
It’s difficult to know where to start with online security. I think the best place to start is to understand that no website, no matter how sophisticated, can ever be 100% safe from hackers. To assume otherwise is your immediate failure.
Over 75 million websites run on WordPress. Thousands of WordPress sites are vulnerable to attack and get hacked each day. A hack could lose you all your data and cost thousands of euro or, worse, attackers might use your WordPress site to target your visitors with spam or redirects.
There are bots that automatically scan the web for weak websites and hack into them within seconds. If your WordPress site is vulnerable, it is only a matter of time before you run into trouble. That’s why you should get started as soon as possible and check whether your WordPress site is prone to attack.
So how do we approach this quagmire of online security? I believe we should approach online security for websites in the same way we take care of our cars. If you buy a new car tomorrow, it’s going to be all nice and shiny. Gradually, as it gets older, it will show signs of wear and slow down. If you go to your mechanic and get it serviced every few months, your car will run well, you won’t have as many problems, and it might last 10 or 15 years. If you don’t get your new car serviced, the oil filters will clog up, the timing belt will go, the engine will seize, and your brand new car will be destined for the scrap yard in just a few short years.
Your website is much the same as this new car. To avoid exploits or web vulnerabilities, it is essential that you keep your WordPress Core updated. Much like mechanics, I can tell you stories of large companies who had their websites hacked in the last 3 months. One company based in the UK came to us for help. While it took a bit of work to clear all the malicious code (and there was LOADS), we found that the hack came in through a plugin which hadn’t been updated. When we looked at their admin panel, the hackers had a choice of 13 plugins which hadn’t been updated in over 12 months. I know this sounds really basic and obvious, but updating your WordPress Core and plugins will solve many of your potential issues.
So how do we go about this? Well, WordPress releases new patches for the core codebase every 3 months or so. This update will contain many of the key security updates you’ll need for your website. Plugins are usually written by independent developers and could have updates available on any given day. The best way to keep on top of this is to log into your WordPress Admin every month and make sure everything is up to date.
QUICK SECURITY TIP
When you set up a WordPress website, it usually sets you up automatically as “admin”. While this is convenient, having “admin” as your administrator username is probably one of the biggest vulnerabilities you could have on your website. Since WordPress doesn’t allow you to change usernames by default, the easiest way to change the username is to create a new administrator account with a different username and delete the old one.
WORDPRESS SECURITY PLUGINS
Much like your PC or MacBook, your WordPress website can have its own security and firewall. There are hundreds of different plugins which you could use, but here are the 3 plugins we use on all websites we build for clients.
Wordfence has one of the best reputations for WordPress Security with over one million downloads and a rating of 4.9/5. It covers login security, IP blocking, security scanning, and WordPress firewall and monitoring.
Wordfence will do an initial scan on installation to check if the site is already infected. It does a deep server scan of the site’s source code and compares it to the official WordPress repository for core, themes and plugins.
As with all plugins you get for free, there are some extra features you have to pay for. The premium version of this plugin includes country blocking, two-step authentication, scheduled scanning and more.
Download Wordfence HERE
Much like Wordfence, Sucuri offers a free plugin and a premium plugin that is available in the WordPress repository. This plugin offers various security features like malware scanning, security activity auditing, blacklist monitoring, effective security hardening, file integrity monitoring, and a website firewall. It is a security suite meant to complement your existing security posture.
The Sucuri plugin tracks all activity on your site. This includes when users log in or when changes are made to your site. This way, if there is a breach in security, you’ll be able to review the activity logs and find out what happened.
Download Sucuri Security HERE
All in One WP Security and Firewall
Another really strong plugin is All In One WP Security and Firewall. Much like Wordfence and Sucuri, it is very popular in the WordPress repository. All In One WP Security is very user-friendly, which is great for beginners and people who would not be comfortable going through the advanced security settings.
This plugin protects your website by checking vulnerabilities and implementing the latest techniques and security measures. A cool feature of All in One WP Security & Firewall is a meter on your dashboard that gives your site a score of how secure it is. By adding additional security options, you can increase your score.
It also has a security scanner that keeps track of files and notifies you about each change in your WordPress system. It can also detect malicious code in your WordPress website.
Download All in One WP Security and Firewall HERE
– Paddy Ryan, Head of Technology at Trigger Media, CTO at Nutriband, and former Online Security Analyst with Paddy Power Betfair.