WordPress, we love it! A bit of rummage around our website and you’ll see how much we love through our WordPress Services. In fact, we love WordPress so much we even go to meet-ups with other WordPress users, so it’s not just us.
In fact lots of people love WordPress, approximately 1 in 5 ( or 1 in 4, depending on which stats you look at ) of all websites are built using WordPress. So, it’s all good then.
Keeping WordPress Website Secure
Actually no. One of the downsides of WordPress is its popularity. ( Hang on here H.I.T.S, we’re totally confused – Editor ) What we mean to say is, because of its popularity it’s very much on the RADAR of the Internet bad guys, who want to deface your lovely website or even worse, inject malicious code.
One way to think about WordPress is, it’s a bit like Microsoft Windows inasmuch as you have to keep it secure, up to date and fitted with anti-virus software.
Right so, here we go with some basic tips to making your WordPress Security further up your list and make your website more secure. ( Finally, we get to the point- Ed. )
Kicking off this list and it’s just like M.S. Windows when it comes to WordPress Security. Keep your site and plugins up to date. The hackers love to look for older or unpatched versions of WordPress and associated plugins.
There was a significant number of WordPress website hacks during 2015 due to a very popular plugin being insecure and the author being slow to patch it.
We still old versions of WordPress almost everyday, people just don’t realise the importance of that update button.
A word of caution: Make sure that if you do update your WordPress Website that your plugins and themes are compatible.
That Admin, he ( or She ) is everywhere in the tech world and WordPress is no exception.
Remove the default Admin Account. It’s so simple but the number of people who leave ‘admin’ in their user list. The hackers know this and go looking for the ‘admin’. The first thing you should do when you set up your website, sack the ‘admin’, show the door, and get rid of him.
It’s a 2 minute job. Tops. It’s very simple, so no excuses. Oh and don’t forget to create a new account with full Admin rights. We learned that one the hard way.
Password strength isn’t something we should be talking about in 2015 but we are. Strong password should a part of your everyday digital life.
This is one of our biggest bug bears, drives us nuts!
The default login path for WordPress is: http://www.yourdomainname.co.uk/wp-admin everyone knows that! Especially the hackers, so what do they do, that’s exactly what they head for when they set up a brute force attack.
We see lots and lots of excellent WordPress websites designed by some very talented design / web agencies but a quick check and there’s your default login.
Use a good security plugin(s) ( see next bit ) to alter the login path. You can alter it to anything you want, makes it much harder if it’s non-standard. Just make sure you remember what you set it to.
There are some excellent plugins out there in WordPress land. A quick search on the Internet for ‘WordPress Security Plugins’ will bring up a raft of choices and information.
One of our current favourites at the moment is: All In One WP Security.
It has lots of features, including the ability to change the default login path, to make your site much more secure.
Just a word of caution, some of these security plugins have very powerful features that could have a negative impact on your WordPress website if you configure them incorrectly. If you’re unsure, please seek professional advice.
Get it wrong and you could break your site.
Ok, that’s enough to be going on with and remember website security is important, no matter what website platform you use.
If you need help to make your WordPress website more secure or just need some WordPress training then gives us a call today to see how we can help.