Is your WordPress website safe and secure?

20/02/2015

Making your website more secure

We know from experience that being hacked isn’t fun, but what can we do to keep hackers out of our WordPress website?

Strong passwords

The simplest way to secure your site is with your password. Hackers will use software to attempt to guess your password. After trying all common passwords, hacking software will try a ‘brute force attack’, which will ultimately try every combination of lowercase letters, uppercase letters, numbers and symbols until it guesses your password. Depending on the strength of your password this could take years! So the strength of your password is the key. We would recommend a password of at least 12 mixed characters, including uppercase, lowercase, numbers and symbols. For example,

Hm14%*aP8gj0

This would take 174 years to crack, assuming one hundred trillion guesses a second!

To see how safe your password is, visit computer hacking expert Steve Gibson’s Password Haystacks page at https://www.grc.com/haystack.htm.
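The brute-force estimate described above can be worked through in a few lines. This is an added example, not code from this post or from the Password Haystacks page; it assumes a 95-character printable ASCII alphabet (26 + 26 + 10 + 33), a worst-case search of every length up to the password's own, and a small constructed list standing in for the "common passwords" tried first.

```python
import string

GUESSES_PER_SECOND = 100_000_000_000_000  # one hundred trillion, the rate assumed above
SECONDS_PER_YEAR = 365.25 * 24 * 3600     # assumption: Julian year

# Constructed sample of common passwords tried before brute force begins;
# real cracking word lists are far longer.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin"}

# Character classes and how many characters each adds to the attacker's alphabet.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]


def alphabet_size(password):
    """Alphabet the attacker must cover, given the classes the password uses (ASCII only)."""
    return sum(size for chars, size in CLASSES if any(c in chars for c in password))


def search_space(password):
    """Number of candidates of every length from 1 up to len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate; 0 if a common-password list finds it first."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0
    return search_space(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed comparison: a common word, a shorter mix, and the 12-character example.
    for pw in ("letmein", "hm14aP8gj0", "Hm14%*aP8gj0"):
        print(f"{pw!r}: alphabet={alphabet_size(pw)}, years={years_to_exhaust(pw):.3g}")
```

Dropping the two symbols from the 12-character example shrinks both the alphabet (95 to 62) and the length, and the worst-case time falls from well over a century to a few hours at the same guess rate.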

Use a password recipe to create a different but memorable password for each website you use.

Never use ‘admin’ as your username

Hackers will be able to identify usernames for a WordPress website using a few techniques, but why make it easy for them?

Keep updated

WordPress constantly refine their software so that it is more stable and secure. It is extremely important that you update your version of WordPress as soon as you get notified that an update is available. Hackers know that updates usually include security upgrades due to past vulnerabilities, so don’t let the hackers win.

Our top 3 security plugins are

  • Centrora Security™
  • iThemes Security (very aggressive, but does a good job)
  • Wordfence Security

Keep a backup

Keep regular backups of your WordPress site using one of the many plugins available. We recommend

  • WordPress Backup to Dropbox
  • Duplicator – great for manual backups
  • BackUpWordPress – simple and emails you the backup
  • BackWPup Free – allows you to back up to various cloud services

These are just a few simple steps you can take to harden your installation of WordPress. Security is paramount in this constantly connected world, so let’s do our little bit to help keep the bad guys out.