In a recent article, I wrote about how to avoid potential WordPress problems. I did cover some basic security issues that you can come across but didn’t really go into any great detail on how you can secure your WordPress.
In this article, I will give you some very good steps to show you how to avoid security problems by securing your WordPress site. Every new blogger starting a blog needs to read this article.
How do you avoid WordPress security problems?
Secure your WordPress site in 7 easy steps with my WordPress security checklist
1/ Create a secure login name
When you create a new WordPress site, use a name that is not obvious. Using Admin as the name is just asking for problems, as the first thing a hacker will do is type in Admin, and then all they need to work out is the password. Use an old nickname that no one really knows, the name of a teacher you had as a kid, or your first car model.
Create a name that is unique to you.
Don’t use the names of pets or your children’s names as a username. You have probably willingly shared this information all over your social media channels.
A strong username really helps secure your WordPress login.
2/ Create a separate WordPress admin account
Once your WordPress site is set up, create a new user account within your WordPress dashboard and give the new account admin privileges.
That way you have 2 accounts that you can access your site with.
If you have already set up WordPress and are using Admin as the name then create your second account and give the account admin privileges. Test that it works and that you are happy. Then delete the account named admin.
Then make a second new account and give that account admin privileges so that you have 2 admin accounts without using admin as the account name.
3/ Use a secure WordPress password
You have to have a strong password to secure your WordPress. If someone has your login name then your password is your last line of defence in keeping your WordPress secure. Your password needs to be something that no one will guess. Don’t use your kids’ names. Don’t use your pets’ names. It is not a good idea to use memorable dates. And never, ever use “password” as your password.
Use upper and lower case and add in some special characters to give you a really secure WordPress password.
WordPress has a feature that generates an extremely secure password for you.
1/ Go to your Dashboard on WordPress
2/ Select Users
3/ Select Your Profile
4/ Click Generate Password
When you generate your password you will be given a new 24-character password made up of upper case, lower case and special characters. It is not worth any hacker’s time trying to access a WordPress site that has been secured in this way, as there are just easier targets out there for them.
While we are securing our passwords, revisit your server/FTP password. Use a different password from the one you use for your WordPress login.
4/ Don’t use an obvious name for your hosting account
Your hosting account is another area that needs to be kept secure. Make sure your WordPress hosting account name is not your real name or a name you use on one of your social channels. It is also not a good idea to use the name of the site as a hosting admin name.
Names like these are the first guesses that hackers trying to access your system will try. Don’t hand those trying to get into your WordPress any vulnerabilities. Help secure your WordPress with a good, strong hosting admin name and password.
5/ Install a security plugin
Security plugins are really useful as they will tell you of any possible problems that may affect your site, or at least the good ones will, from simple notifications to upgrade plugins to information about cyber attacks and what to look out for.
I use Wordfence Security to secure my WordPress site. Wordfence is one such plugin that will email you about known threats and any suspicious activity. I am even notified when I log in to my back office, just in case it is not me.
What is the best security plugin to secure your WordPress?
Here are 3 of the best security plugins to help keep your WordPress secure.
1. Wordfence
Wordfence is one of the most popular WordPress security plugins and it is what I use here on Infobunny.
It checks your WordPress for malware infections. It scans all the files of your WP core, your theme files and any plugins that you have installed on your system. If Wordfence finds any problems, it will notify you.
Wordfence is a free plugin. There is a paid-for version available with advanced features. If you can afford the premium version then buy it.
2. BulletProof Security
BulletProof Security is another popular WordPress security plugin that takes care of various things. It adds firewall security, database security, login security and more. It comes with a four-click setup interface. Just activate this plugin and then relax. It will take care of your website.
3. All In One WP Security & Firewall
All In One WP Security & Firewall is another popular WordPress security plugin to check vulnerabilities in your WordPress website. This plugin is easy to use and reduces the security risks by adding recommended security practices.
6/ Limit login attempts
Attacks such as brute force attacks target your login form.
A brute force attack is a trial-and-error method used to obtain information such as a user password. In a brute force attack, automated software is used to generate a large number of consecutive guesses to try to work out your password. This is why the security of your password is so important. A brute force attack is also known as brute force cracking or simply brute force.
Specifically for WordPress security, the All in One WP Security & Firewall plugin linked above has an option to simply change the default URL (/wp-admin/) for that login form. This makes it harder to find the login page to attack. You could then also limit the number of attempts to log in from a certain IP address. There are quite a few WordPress plugins that can help you to protect your login form from IP addresses that fire a multitude of login attempts your way.
7/ Keep your site secure by keeping it up to date
Do you have a recent backup?
Before you do anything, back up your site, and keep backing it up regularly. Then when you see that there is an update available for a plugin, or WordPress itself needs an update, you can just go ahead and update.
Always run the latest version of WordPress. New updates normally carry security enhancements to help keep your WordPress secure. The same goes for theme updates. Premium themes are often updated for security reasons to help match up and work better with any WP updates. I recommend using a premium theme over a free theme for security reasons.
Plugins can provide vulnerabilities for potential intruders to take advantage of. Keep them updated. If you’re using Wordfence you will be emailed every time a plugin needs an update.
Even if your hosting company keeps a backup, it would still be a really good idea for you to also make a backup. Cover all the bases.
What is the best backup plugin for WordPress?
UpdraftPlus is a free WordPress backup plugin. It allows you to create a complete backup of your WordPress site and store it on the cloud or download to your computer.
The plugin supports scheduled as well as on-demand backups. You can also choose which files to backup. It can automatically upload your backups to Dropbox, Google Drive, S3, Rackspace, FTP, SFTP, email, and several other cloud storage services. Our friends over at WPBeginner have a great guide to backing up your site and restoring your site. Let’s hope you never need to use the restore section unless you are changing your hosting.
Backing up your site and keeping your blog secure is a very, very important task, so before you set about the task make sure that you know exactly how to do it.
Here is the WPBeginner guide to UpdraftPlus – How to Backup & Restore Your WordPress Site with UpdraftPlus
BackWPup is a free plugin that allows you to create a complete WordPress backup and store it on the cloud (Dropbox, Amazon S3, Rackspace, etc), FTP, email, or on your computer.
It is extremely easy to use and allows you to schedule automatic backups according to your site’s update frequency.
Here is a great guide by Anphira.com that will help you set up and use BackWPup: Backup WordPress with BackWPup Tutorial
BackupBuddy is the most popular premium WordPress backup plugin. It allows you to easily schedule daily, weekly, or monthly backups. It can also automatically store your backups in Dropbox, Amazon S3, Rackspace Cloud, FTP, Stash (their cloud service), and even email it to yourself.
Here is the WPBeginner guide to How to Keep Your WordPress Content Safe with BackupBuddy
How to secure your WordPress site – Takeaways
The key to securing your WordPress is really to use a secure username and password. Don’t make it easy for anyone to get into your site and create a mess. The chances are if your username and password are secure then you’ll be left alone because the bad guys know there are easier targets to hit.
If you also follow all the other measures I have listed, you’re sure to be OK. But if the worst does happen and someone gets inside, you will be covered because you have a backup of your site, right?
Go secure your WordPress, Back It Up Now!
That’s all for now.
Do you have any tips or tricks on how to secure WordPress? Any plugins you can recommend?
Let me know in the comments below, and make sure that you subscribe to comments so that you are notified when I reply.