5 Security Tips for your WordPress Website
Today I want to talk to you about Security Tips for your WordPress Website, five things that you can
do today to your current WordPress website to make sure that you have great
security in place.
Okay, it’s super important that you do these steps. You may have thought about doing a couple of
them, but maybe not all of them, and they can all make a great
difference to your WordPress website.
So, let’s get started.
Five Security Tips for your WordPress Website you might not have thought about.
Tip Number 1 – Usernames & Passwords.
The very first one is your username and password, because
whenever you establish your account and start to build your WordPress
website you’re going to be entering your username and password, and if you’ve
set those to something very easy to hack, you’re
going to get hacked!
You may be thinking to yourself well why would anybody ever want
to hack my website?
You may have a website about dogs who like chasing their own
tails, nobody would ever think about hacking my website.
It doesn’t matter, hackers have robots out there on the web
designed to look for outdated WordPress websites.
There are hackers out there looking to just be malicious and
cruel and take over your website,
so it doesn’t matter if you think “I’m an obscure
website, nobody’s ever going to bother me”. I
promise you, if you leave these things, these 7 Security Tips
for your WordPress Website that I’m talking about today,
untouched and untended to, you’re going to end up with a
broken website at some point.
So, I want you to be sure that your username and passwords
are set in place. You certainly don’t want to be using admin as your username, and you certainly don’t want to have, you
know, password 123 or
ABCD or 123456 or anything easy like that.
Those passwords that get set generically, you want those
to be locked down tight, and that’s one of the new updates that happened in WordPress’s
Tip Number 2 – Updates.
Updates are the second tip, so we want to be sure to go in
and have all of our updates in place.
Updates are really important, they are needed for security
purposes, and they are announced with an alert in your WordPress Dashboard, so you
want to be sure to click update.
Before you update WordPress, themes and plugins, it’s always
a good practice to back up your WordPress website, just in case anything goes
wrong. Most of the time it goes fine but you never know. In any case, you
should make regular backups of your websites.
There are loads of services and plugins to back up your
WordPress site, I have had trouble with some of the free back up plugins in the
past, they seem to work if your site doesn’t have too much data on it, but a
lot just don’t work on larger sites.
There’s nothing worse than losing your WordPress website, or
having it go wrong and not being able to put it right again.
My personal favorite and tool of choice is WP Twin, it
clones your site, so if you ever lose everything, you have a perfect copy,
everything, the database, usernames & password, all your content and themes
and plugins, even the premium ones. And it’s so easy to use. It’s not the
cheapest but it is by far the best I have used.
You can check it out here if you like: WP Twin Plugin
So always back up and
update your WordPress website.
Not just the core WordPress updates but all your themes and
plugins. Make sure username and passwords are tricky for hackers.
I also recommend having at least one extra theme installed
on your WordPress site, for security purposes. In case anything were to happen
to your current theme, you can easily activate your other theme and you’re back up
and running. At least you will have an access point to get back into your website
in case it breaks, that’s always frustrating!!!
Tip Number 3 – Comments & Spam.
A lot of people get a huge amount of spam left in their
comments section, if they are using their WordPress website as a blog.
So there are some things you can go into in your settings:
you need to go into Discussion and you
can just read through these things.
As you can see, the sentence starts
on the left side. This is a little difficult because sometimes people just read
down through the right part of the sentence, and it says anyone can post a comment.
Yes we want anybody to post a comment, but that’s not the
full sentence, it says
“email me whenever anyone posts a comment”
“email me whenever a comment is held for moderation”
So, the sentence starts on the left, as shown in the
Make sure to read through all of these. For example, if you want “before
a comment appears, the comment must be manually approved”, you can click that.
You can do all sorts of things like hiding certain comments
if they contain certain words.
You can blacklist certain comments with any sort of words.
You can require that the user have an account and be logged
in, so they must be registered and logged in to comment.
You can require all these if you like. I suggest you go
through here, see exactly how you want to work these settings and make changes
as you see fit.
Everybody’s preferences will be different, just check or
uncheck the boxes and click Save Changes.
For any comments that do come through, be sure that you’re
moderating them: go to your comments section and be sure to approve them or move
them to spam.
There are robots that search for WordPress sites that auto
approve comments and people use software to post spam to these sites. You
really don’t want spam links from your site.
Another thing you could do is to install a plugin that lets
people comment using their Facebook account, this will cut down spam as they
need to be logged into their account.
A great plug-in that you can use on your website is Sucuri, by
Sucuri. It’s free but does have a pro version if you wish to use it.
You want the one with 300,000+ Active Installs.
You can start to run tests and be sure that your website
has not been hacked, that you don’t have any malware sitting on your site and
that everything is good to go. You do have to generate an API key, but again
it’s free for you to do that.
Tip Number 4 – Hosting.
There are hosting companies out there that specialize in
only hosting WordPress websites. This isn’t for everybody as they are generally
more expensive than regular hosting, but they keep on top of security. Most will
push important updates through to your site for you, or they will send you an
email or alert saying something along the lines of “hey this plug-in is
now susceptible to hacks, it’s bad if you’re running this”.
They are great with WordPress support issues as that is what
they specialize in. There are lots of great hosting companies out there with
reasonable rates, but have you ever contacted your hosting company and had the
reply “sorry we cannot help you, that’s a WordPress
issue”? Just something to think about.
A great company to check out is WP Engine
if WordPress hosting is of interest to you.
Another security option, if you don’t want to change hosting
companies, is to get a secure socket layer or SSL,
secure server license or whatever other names they call it. It’s basically a
secure connection to your site.
For example, if you go to YouTube, there is a padlock icon
next to the address bar on your browser.
If you click on it, it will bring up the secure connection
information. An SSL will also give you a https:// in front of your website.
Again, it’s not a cheap option, it’s about fifty to eighty dollars
a year to invest in, but it gives you and your visitors peace of mind. Especially
if they are sending you an email, typing in their contact information,
filling in a registration form, purchasing with a credit card
or making a donation, it’s now secure.
Tip Number 5 – Backups
Last but not least, the thing that I want to talk to you about is
your backups. I touched on this earlier, but it is so important.
I know it can be a pain, but any of you who have lost data
and not backed up know what I’m talking about. I’ve had a few hard drives fail
on me and it’s a nightmare! And it’s the same for your websites, if your site
goes down for any reason, you should have a backup.
As I mentioned before, I love WP Twin to back up my sites. It’s also great for transferring your WordPress site to
another hosting company with ease.
What I like about WP Engine is that they allow you
to do all sorts of really amazing stuff when it comes to backing up. They
automatically back up not only your files but also your database, and you can set that
to be backed up several times a day if you update your website very
often, or daily or weekly or however often you’re making changes.
You want to have a fresh backup in place, and you can set that
up to happen automatically. With one click you can restore your website back
to where it was, so no more freaking out
about “I’ve lost my
website”. They’ve got a safety net in place that’s just amazing.
Again, WP Engine, it’s not for everybody, but you may
want to consider it further down the line or if you have a lot of WordPress
Again, if you don’t want to be using WP Engine or WP Twin, there
are free plugins. I haven’t had much success with them, but I’m sure there are
loads out there that I have not heard of or tried.
One thing I would do is create a
dummy or test WordPress website, fill it with dummy content and loads of
dummy pages, and then try the free plugins to make sure they work.
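The back-up-before-you-update routine from Tip 2, and the files-plus-database backup described in this tip, can also be scripted. This is an added example, not part of the original post or of any plugin or host mentioned in it; it assumes WP-CLI is installed as `wp`, and the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example: back up a WordPress site, then update core, plugins and themes.
# Assumption: WP-CLI is installed; override the binary with WP_BIN if needed.
set -eu

WP_BIN="${WP_BIN:-wp}"

# backup_site SITE_DIR BACKUP_DIR -> prints the path of the files archive.
# Keep BACKUP_DIR outside the web root so the dump cannot be downloaded.
backup_site() {
    local site="$1" dest="$2" stamp dump archive
    stamp="$(date +%Y%m%d-%H%M%S)"
    dump="$dest/db-$stamp.sql"
    archive="$dest/files-$stamp.tar.gz"
    mkdir -p "$dest"
    chmod 700 "$dest"     # the dump contains user accounts and password hashes
    "$WP_BIN" --path="$site" db export "$dump" >&2 || return 1
    tar -czf "$archive" -C "$site" . || return 1
    # Verify the backup before anything is allowed to change the site
    [ -s "$dump" ] || { echo "empty database dump" >&2; return 1; }
    tar -tzf "$archive" >/dev/null || { echo "unreadable archive" >&2; return 1; }
    echo "$archive"
}

# update_site SITE_DIR: core first, then every plugin and every theme
update_site() {
    local site="$1"
    "$WP_BIN" --path="$site" core update
    "$WP_BIN" --path="$site" plugin update --all
    "$WP_BIN" --path="$site" theme update --all
}

# backup_then_update SITE_DIR BACKUP_DIR: updates run only after a good backup
backup_then_update() {
    local archive
    archive="$(backup_site "$1" "$2")" || {
        echo "backup failed, not updating" >&2
        return 1
    }
    echo "backup stored at $archive" >&2
    update_site "$1"
}

# Runs only when given two arguments, e.g. (hypothetical paths):
#   ./wp-safe-update.sh /var/www/example-site /var/backups/example-site
if [ "$#" -eq 2 ]; then
    backup_then_update "$1" "$2"
fi
```

Scheduling the script (for example from cron) gives the regular backups this tip asks for, and restoring one archive onto a test site is the check that the backups actually work.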
There we have it, I hope you found these 5 Security Tips for your WordPress Website helpful. Some of these tips are basic but essential.
Until next time,