Thanks to its incredible flexibility, WordPress has become the most widely used content management system in the world. But in recent months attacks on WordPress websites have increased at an unprecedented rate. Here are some steps you can take to protect your WordPress website from hackers.
The first and probably most obvious key to keeping your WordPress website secure is to choose strong usernames and passwords. Rather than choosing a common username that can easily be guessed (like “admin” or your name), try to choose a complex username. We suggest a random selection of letters and numbers that has nothing to do with your website.
Passwords should also be as complex as possible. We suggest an 18-character password using a selection of both uppercase and lowercase letters, numbers and symbols. As with usernames, the strongest passwords have no names or words in them but are a random collection of characters.
If you struggle to think of such a password, there are countless online password generators that can be helpful. If you struggle to remember a complex password, you could choose to allow your browser to remember it. Finally, always make a safe, offline copy of your password (the weakest ink is better than the strongest memory).
If you enable two-factor authentication on your WordPress website, you will be sent a code to your phone or email address every time you try to log in. This code then has to be entered before you are granted access to your WordPress control panel. This means nobody can get into your site without having access to your phone or email address.
There are various plugins which enable this. In our testing we quite liked miniOrange 2 Factor and Google Authenticator for WordPress.
The next key to securing your WordPress website is to delete any inactive or unneeded themes or plugins. WordPress installations often start with a handful of preinstalled themes and plugins. As a general rule, each installed plugin and theme offers hackers an additional potential vulnerability in your WordPress website. So just keep the ones you use and delete the others.
One of the ways hackers get into your website is through compromised plugins and themes. Thus the safest way to install plugins is through the search panel under “plugins” on your WordPress control panel. When searching for a new plugin, always read the reviews and choose wisely. The same precautions should be taken when choosing themes.
As hackers find new loopholes to attack WordPress websites, both the WordPress team and plugin developers release new updates to close up these vulnerabilities. Thus one of the most important ways to protect your WordPress website from hackers is to install these updates as soon as they are released.
Wordfence is a fantastic plugin with a number of features that help to protect your site. It blocks suspicious users, stops most hack attempts and keeps you updated via email about any hack attempts and out-of-date themes and plugins.
Wordfence has a free version that works well and is very powerful. Once you have installed it onto your website, go through and check the different settings. For example, you can set the number of times someone can try to log in with incorrect details before they are locked out from your WordPress control panel.
Cloudflare is another fantastic solution that adds multiple layers of security to your website, blocking some website attacks in a similar way to a firewall. The free service is fantastic and also offers a free shared SSL certificate.
To install Cloudflare you need access to both your web hosting and domain name control panel (or you can ask your web designer or developer to set it up for you). The Cloudflare website has a helpful control panel that enables you to control the various settings for your website and view relevant statistics and details about blocked hack attempts.
Although the above steps will go a great way to minimise the chance of your WordPress website getting hacked, there is no way to guarantee the safety of your website. As a general rule, if there is someone clever enough to develop a website, there is someone clever enough to hack it.
So always keep a close eye on your website. Some of our clients choose to set their website as the homepage of their web browser so that they can monitor it on a regular basis.
Another important step is to create regular backups of your website so that if anyone hacks into it, you can quickly restore it.