
11 Tricks to Protect Your WordPress Site

WordPress is the most commonly used content management system on the internet, powering more than 20% of the web. It is a stable platform that thousands of developers work to improve on a daily basis, and it is open source, which means it is free to use. Because of that popularity, hackers also try to gain access to as many WordPress sites as they can to conduct illicit activities online.

Here are 11 tricks to better protect your WordPress site.

Get Rid of the Default User Account - Admin

This is the mistake most novice WordPress users make: they use the default admin account to manage their WordPress site. If a hacker wants to get access to your site, which username are they going to try first? Admin. You can't change the username, so you have to create another user with a username of your choice and then DELETE the default admin account.

Close Comments After a Period of Time

If you are getting hit by spam comments, you can close comments a few days after a post is published. To do this in WordPress, go to: Settings -> Discussion -> Other Comment Settings.

You can then set a number of days to close comments automatically as you wish. You can also use a plugin like Akismet to better protect from spam comments.


Remove the Login Link on Your Website

We are not referring to a customer login area, if you have one, but to the admin login link on your website. Removing the link does not guarantee safety; it just removes the welcome mat for hackers.

Keep WordPress Updated at All Times

83% of WordPress blogs that are hacked are not on the latest version of WordPress, which makes outdated software one of the biggest reasons a WordPress site gets hacked. Older WordPress versions may have security issues, and the hacker community works hard to exploit them.

Report WordPress Security Issues and Bugs

If you find a bug, report it here so the whole WordPress community can benefit before any hackers figure out how to exploit the issue to their advantage.

Lock Down Write Access and File Permissions

If you want to take the security of your site a step further, you can restrict which users have write access to your website files and folders. You can use plugins for this or contact your website host for help.
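A quick way to see where write access is too broad, as an added example that is not part of the original article: the script below walks a WordPress directory and reports anything world-writable, plus a `wp-config.php` that every local account can read. The function names and the baseline it checks against are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article. Assumed baseline: nothing in the
# WordPress tree is world-writable, and wp-config.php (database
# credentials, secret keys) is not readable by "other".

# Print one finding per line for the WordPress root given as $1.
wp_perm_audit() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "ERROR not a directory: $root"
        return 2
    fi
    # Files and directories that any local account can modify.
    find "$root" \( -type f -o -type d \) -perm -0002 -print |
        sed 's/^/WORLD_WRITABLE /'
    # Configuration file readable by every local account.
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" -perm -0004 -print |
            sed 's/^/CONFIG_WORLD_READABLE /'
    fi
    return 0
}

# Exit status: 0 clean, 1 findings printed, 2 bad path.
wp_perm_check() {
    findings=$(wp_perm_audit "$1") || { printf '%s\n' "$findings"; return 2; }
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh wp_perm_check.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    wp_perm_check "$1"
fi
```

The non-zero exit status on findings makes it easy to run from cron or a deployment step and alert when permissions drift.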

Use a Plugin to Limit Unsuccessful Login Attempts

By default, WordPress allows an unlimited number of failed login attempts, unless your WordPress host has a restriction or you are using a plugin to restrict failed logins. This sounds scary, doesn't it? Use a plugin like LoginLockDown to lock your site after 5 failed login attempts within 24 hours or so.
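The "5 failures within 24 hours" rule is a sliding-window count per client. The added example below (not from the article and not LoginLockDown's code) applies that rule to a constructed list of login attempts so you can see which addresses would be locked out and when; the input format and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the article or from any plugin's source.
# Assumed input format (constructed): "<epoch-seconds> <client-ip> <FAIL|OK>",
# one login attempt per line, in chronological order.

# Print "<ip> <epoch>" the first time an IP reaches $1 failed logins
# inside a sliding window of $2 seconds. Reads attempts on stdin.
lockout_candidates() {
    awk -v max="$1" -v win="$2" '
        $3 == "FAIL" {
            ip = $2
            n = ++count[ip]            # failures seen so far for this IP
            ts[ip, n] = $1
            if (!(ip in head)) head[ip] = 1
            # Drop failures that have aged out of the window.
            while (ts[ip, head[ip]] <= $1 - win) head[ip]++
            if (n - head[ip] + 1 >= max && !(ip in flagged)) {
                flagged[ip] = 1
                print ip, $1
            }
        }'
}

# Constructed sample: documentation-range IPs, made-up timestamps.
sample_events() {
    cat <<'EOF'
0 198.51.100.7 FAIL
1000 203.0.113.5 FAIL
1060 203.0.113.5 FAIL
1120 203.0.113.5 FAIL
1180 203.0.113.5 FAIL
1240 203.0.113.5 FAIL
2000 192.0.2.9 FAIL
2100 192.0.2.9 FAIL
2200 192.0.2.9 FAIL
2300 192.0.2.9 FAIL
2400 192.0.2.9 OK
90000 198.51.100.7 FAIL
180000 198.51.100.7 FAIL
270000 198.51.100.7 FAIL
360000 198.51.100.7 FAIL
EOF
}

if [ "$#" -eq 0 ]; then sample_events | lockout_candidates 5 86400; fi
```

In the sample, only the address with five failures in a few minutes is flagged; the one with five failures spread more than a day apart never has more than one failure inside the window.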


Two-Factor Authentication (2FA)

Depending on what information you have on your site, such as credit card information, you can ramp up your security with 2FA. You may have seen some banks require an SMS code to access their website on top of the regular username and password; this is an example of 2FA. For an eCommerce/WooCommerce site this may be a worthwhile additional protection, but not if your site is a simple website or blog.

Check Your Website Host's Backups and Recovery

So far we have looked at some tips to better protect a WordPress site, but this one is very important if the unfortunate ever happens. Make sure your website is backed up on a regular basis; you may have to check with your hosting provider to see how often they do this. Some hosts might not do this on their basic plans, and you may have to go to a higher plan.

Most web hosting service providers include daily backup and recovery within their shared and dedicated hosting plans. If you aren't sure what your hosting provider has in place, or would like to view other alternatives, refer to this top web hosting reference guide.

Check Your Website Plugins and Themes

If you have any unused plugins or themes, this is as good a time as any to get rid of them. Make sure your plugins and themes are updated to the latest version, as older versions may have security holes. When selecting a new plugin, you need to consider its performance and security. If a plugin has not been updated for years, there is a good chance it never will be, and thus it may have security implications.

Use a CDN's (Content Distribution Network) Firewall

When you use a CDN, your website load times improve dramatically, but the CDN also acts like a firewall because it is a new layer between your web host and the internet. Any added barrier will only deter the hackers, who are always on the lookout for quick wins.

In Closing

Improving the security of your site is a proactive measure, and taking a few steps today may well deter hackers from targeting your site. Once a site is hacked, you lose valuable time getting it back to its previous glory. Remember, there is no such thing as a 100% safe site, but each additional layer or barrier can keep the hackers at bay.

ABOUT THE AUTHOR

Zac Johnson

Zac's been in the industry for 20 years and has written numerous articles for many well-known publications and has also been featured in Entrepreneur, Inc and Forbes.
