So as we know, I love using WordPress! But as with all software, you need to ensure it is secure! In this post I will go over how to secure a WordPress site properly! I will go over ways you can secure your on site pages such as your admin dashboard and also ways you can secure your server if you are using a VPS or Dedicated server.
If you would like me to secure a WordPress site properly for you then just get in touch with me so we can work something out!
Proper WordPress Security
In this section I will go through the on site measurements you can take to secure a WordPress site properly. If you want any or all of these implemented but aren’t sure about how to go about them then be sure to get in touch with me so we can work something out!
Choose a Strong Password
The best way to secure your site is make your password unguessable. What I recommend is to have an admin account that is NOT named admin with a super strong password and you just store the password somewhere (securely).
Then you should have an editor account which can be used to manage all your content. You should still use a secure password for all accounts but it’s super important that you have a strong admin password.
You should also consider using two factor authentication. This is a really good way to stop attackers and hackers getting access to your admin dashboard. You can use free plugins that are available.
Security Plugins
Downloading and using security plugins are a great way to take care of a bunch of security tasks!
My favourite plugin is iThemes Security. They have a free version and paid version. Both versions are extremely reliable. As with all security plugins it does need a bit of know how and configuration to get working well. You can follow their guide or get in touch with me if you would like it done 🙂
File Permissions
Having safe file permissions for your WordPress site is important to ensure attackers can’t upload malicious scripts to your site. The WordPress codex has information on file permissions. It depends on your server setup and how much access you have to the server to come up with the best file permissions for your site.
Change Your Table Prefix
By default, WordPress assigns the prefix
wp_
to all tables in the database where your content, users, and objects exist. For potential attackers, this means it is easier to write scripts that can target WordPress databases as all the important table names for 95% of sites are already known. Changing the
wp_
prefix makes it more difficult for tools that are trying to take advantage of vulnerabilities in other places to affect the database of your site.
If you haven’t already installed WordPress you can change the prefix on the installation screen. However, if you have installed WordPress then you can follow a tutorial or get in touch with me and I can sort it out for you! You could also use a security plugin like iThemes Security (mentioned above) which can do it for you.
Backup! Backup! And Backup Again!
If someone wants to spend their life hacking your site, they will do so. But, not many people will dedicate their entire life to hacking one site. It may not always be possible to prevent hackers and attackers. It is therefore important you have backups in place in case something goes wrong!
On this site I use the BackWPup plugin and back up everything (files and database) to dropbox (off-site and safe!) every day and also have the backup emailed to me weekly. This way the backups are not on this server which means if something goes wrong on my server then I still have the backups on dropbox. And if dropbox somehow collapses (which it won’t!) I have my email as a backup backup. And if Gmail shuts down. Then… I’m screwed!
Those are what I see as the most important ways to help you secure a WordPress site properly. If you would like help on how to secure a WordPress site properly then be sure to get in touch with me and we can sort something out!
Securing Your WordPress Server
If you are running WordPress on a VPS or dedicated server you will also want to secure the server! If you want any or all of these implemented but aren’t sure about how to go about them then be sure to get in touch with me so we can work something out!
I recommend you follow the the Linode guide on Securing Your Server to get your server secured properly and making sure attackers can’t get access to your root account easily, or at all!
If you would like help on how to secure a WordPress site properly or on how to secure your WordPress server then be sure to get in touch with me and we can sort something out!