WordPress security, like locking the doors of your office and setting the alarm, is not a one-time act. Keeping a website safe from malicious bots is real work that takes repeated, diligent effort. There are some easy things that you can do right from the start to keep your site safe. Having a good website host will help a lot, but as you install and set up your WordPress site, these are some easy WordPress security tips that you want to do next.
The Quick List of Easy WordPress Security Tips
- Change the admin username.
- Don’t use a simple password or the same password as your Gmail.
- Don’t make everyone an Admin.
- Keep backups of everything. Back it up. Make and keep backups.
- Avoid the temptation to load up every plugin you can find.
- Don’t forget about your website. Keep it updated.
Change the Admin Username on WordPress
This is kind of like changing the locks when you buy a new house. Every single install of WordPress has to start somewhere, and they all start with the very first user named “Admin.” Since you log in with a combination of username and password, anyone that knows your username is halfway into your site. Create a new user with any name that isn’t admin, log in as that user, and then delete the admin. You just saved yourself from over half of the hacks that happen to WordPress sites.
Good Passwords for your WordPress Login
We’ve written about passwords before, and we’ll do it again, because passwords are one of the first lines of defense in website security. Don’t use 12345 or any of these common passwords and don’t use the same password you use everywhere else. (In fact, you shouldn’t have a password that you use everywhere else.) You should never email a password or write it on a post-it note next to your desk either. And if you want to start making better passwords for all of your logins, check out the password tips here.
Don’t Make Everyone a WordPress Admin
Besides letting everyone use the same login with a weak password, the next worst thing you can do is to create a bunch of new users and give them all admin access to the WordPress dashboard. Admins wield a lot of power, and it’s best to limit that power to a select few. Not everyone needs to be able to change the theme, delete users, or accidentally put your website into maintenance mode. Give people access to the thing they are going to be doing. Even Lieberman’s website admins here in Evansville log in as authors when they are writing blog posts.
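One way to check the two points above (the default admin username and too many administrators), as an added example that is not code from this article. It reads a user export assumed to come from WP-CLI's `wp user list --fields=user_login,roles --format=csv`; the sample data and the `max_admins` threshold are constructed for illustration.

```python
import csv
import io

# Constructed sample, shaped like the CSV produced by:
#   wp user list --fields=user_login,roles --format=csv
SAMPLE_EXPORT = """user_login,roles
admin,administrator
jsmith,administrator
mlee,"administrator,editor"
kpatel,administrator
writer1,author
writer2,author
"""


def parse_users(csv_text):
    """Return a list of (login, set_of_roles) from the CSV export."""
    users = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # A user with several roles has them comma-separated in one quoted cell.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        users.append((row["user_login"].strip(), roles))
    return users


def audit_users(csv_text, max_admins=2):
    """Flag the default 'admin' login and an oversized administrator group.

    max_admins is a hypothetical threshold; the article only says "a select few".
    """
    users = parse_users(csv_text)
    admins = sorted(login for login, roles in users if "administrator" in roles)
    findings = []
    for login, roles in users:
        if login.lower() == "admin":
            role_text = ", ".join(sorted(roles)) or "no role"
            findings.append(f"default username in use: {login} ({role_text})")
    if len(admins) > max_admins:
        findings.append(
            f"{len(admins)} administrators (limit {max_admins}): {', '.join(admins)}"
        )
    if not admins:
        # Guards against removing the old admin before a replacement exists.
        findings.append("no administrator account found")
    return findings


if __name__ == "__main__":
    for finding in audit_users(SAMPLE_EXPORT):
        print(finding)
```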
Keep Backups of Your Files and WordPress Database
If your WordPress website gets hacked, the easiest way to unhack it is to restore the backup you made just before the hack happened. Think of backups as a way of saving money on all of the time you have to spend re-doing something. There are a lot of free or cheap backup solutions out there like VaultPress, but check with your host first. Quality backups and restores may be part of your hosting plan.
Avoid the Wrong Plugins As You Start Using Your Site
One of the great things about WordPress is that it is so easy to add functionality to your website. Plugins can add Facebook feeds, sliders, picture galleries, maps, and all kinds of new features to your site. The problem with some of these solutions is that they open up a security vulnerability. Check the ratings and reviews before you install, and test to make sure there aren’t conflicts after installation. Be ready to roll back and restore your backup from yesterday if things get real messy. Old, outdated plugins can also be an attack vector for hackers, since they may be popular plugins that are sitting on thousands of sites worldwide.
Don’t Forget About Your Website, Keep It Updated, Keep It Safe
This sounds like a funny statement but it is true. Don’t forget about your website. Triggering updates as they become available helps to keep your site secure and improves performance. Check for updates every week or so and put a plugin like Sucuri on there to keep tabs on updates and strange activity. While updating your blog with fresh content and keeping your site current is a good practice for SEO, just looking at your site once a day or a few times a week will help you catch any problems early.
We would love to create and host a WordPress site for your business. We even provide customized training so you can manage the website content yourself. That way, you can focus on your business and the content of your website and leave the WordPress security to us. With our WordPress hosting, we provide backups of your website, run WordPress updates, keep plugins and themes updated, and test and inspect every plugin and theme that we use to build your site. We will even scold you if we catch you making a weak password.
Contact us and we can talk about hosting your WordPress website or creating a new one.