One of the things that is scary about having a WordPress site is that since so many people use WordPress, hackers tend to target it. On the other hand, one of the best things about having a WordPress site is that so many people have a vested interest in keeping it secure.
Hardly a month goes by when a major security threat isn’t launched against over 230 million vulnerable WordPress sites. Matt Mullenweg, the founder of WordPress, explained the threat in a recent blogpost. Hosting companies such as LiquidWeb work tirelessly to reduce the threat to their clients.
What can a WordPress site owner do to make sure his website or blog is secure? The technical details can be overwhelming, but it really comes down to some common-sense steps:
1. Don’t use the default admin as your username.
If you’ve never changed your username to something more unique, you should change it today.
- Log into your WordPress dashboard.
- Click on “Users” and then “Add New.”
- Set up a new user account for yourself (with a secure password, see below). Give yourself the “Administrator” role.
- After confirming that your new user account is set up, go back to “Users” and delete the old, admin user.
2. Use a strong password.
Passwords should be hard to guess and hard to remember.
- It’s best to use a combination of numbers, symbols, and lower and uppercase letters.
- Try to make it a long password, using 8 characters or even 10.
- Don’t use the same password on multiple sites. Each website should have a unique password.
- Change your password periodically.
So why don’t people do this step? Because they’re afraid they’ll forget all these unique passwords! I recommend making a document on your computer where you store all your usernames, passwords, secret hints, and associated email addresses. Now you won’t have to keep all these details in your head, nor will you be tempted to use the same password repeatedly.
3. Keep your site updated.
When you log into your WordPress dashboard, you will often be told that you need to update something, such as
- Your theme
- Your plugins
You should make it a habit to update all of these things often. My Google calendar reminds me to check for updates on all my sites each Sunday. Updates are often released because of security threats, so simply updating your site often will go a long way toward protecting you.
4. Always keep a backup.
You should backup your site weekly, or even more if you’re making frequent changes.
- The easiest way to update your site is to use a plugin such as Backup Buddy, which I use on all my sites.
- If you prefer, you can also follow the instructions given by WordPress.
5. Use security software.
It isn’t possible to keep up with every new threat that comes against your website. I recommend installing security software, such as WordFence or Loginizer, to help out. If your site gets attacked, turn to professionals such as Securi to clean up the damage.
Keeping your site secure is a bit like doing the laundry… it’s one of those jobs that just needs to be done, day after day, week after week. Otherwise you’ll run out of clean underwear and have a bit of an emergency! Set some reminders to help you get in the habit of doing your website “chores” consistently.