December 17, 2013
rosemary published this at 6:13 am
By Charles Mburugu
With the increase of hacking incidences, security has become a major concern for most website owners. Fortunately, there are several precautions one can take to lower the risk of attack. Here are some tips which will help enhance the security of your WordPress site.
1. Avoid free themes
WordPress offers numerous free themes that you can choose from. However, using such themes is generally not advisable since many have been found to contain malicious code which would make your site vulnerable to all kinds of attacks. If you must use a free theme, make sure you select one which has been developed by a well-established company. This also applies to WordPress plugins.
2. Choose a secure host
Web hosting plays a major role when it comes to security matters. Therefore, when selecting a web host, don’t make the mistake of settling for the cheapest option available. Instead, take time to do your research and identify a provider that is well known for secure hosting. Though it might cost you a little extra, you won’t have to worry about your website’s security.
3. Update regularly
In an effort to enhance security, WordPress releases regular updates which are aimed at dealing with potential or real threats. Therefore, it is very important to keep your site updated with the latest WordPress version. Failing to do so will leave your site vulnerable to hackers who target outdated WordPress versions. Always be on the look-out for ‘Update now’ messages on your dashboard. Plug-ins and themes should also be updated immediately a new version is released.
4. Use a strong password
Using a weak and predictable password such as ’123abc’, ‘wordpress’ or ‘password’ will make your WordPress site more vulnerable to attack. Therefore, you need to find a more complex password, but one which is easy to remember. Combine symbols, numbers and letters to make it harder to crack. However, avoid using the same password across different accounts.
5. Don’t use the default ‘admin’ username
Many people have ‘admin’ as the default username on their WordPress sites. Having such a username, combined with a weak password, will expose your site to all kinds of security risks. It is therefore very important to alter your username to something which is more unique. In addition, you need to ensure that the username is hidden from author archive URL.
6. Limit login attempts
Hackers and bots try to access your site by making repeated login attempts using different variations of usernames and passwords. WordPress offers great plugins which can help you limit the number of login attempts on your site. In addition, you can choose how long the specific IP address will be locked out before they can make another attempt.
7. Use security plugins
WordPress offers a wide range of plugins which can help enhance the security of your site. Some of the most popular include Bulletproof Security, Better WP Security, Wordfence, Sucuri Scanner and Website Defender. Most of these plugins are free and can easily be downloaded and installed on a site.
8. Backup frequently
Backing up frequently is something that should not be overlooked. Even when you have taken all the above security measures, your site might still fall victim to a malicious attack. If your content is backed up properly, it will be easy to recover your files and restore your site. There are several WordPress plugins which can help you schedule frequent automatic backups.