WordPress Security Tips

These are some simple security tips to keep your wordpress website safe, and reduce the risk of getting hacked. Most of these are easy to implement and just require minimal maintenance to keep on top of.

Hacking attempts has intensified as of late, with people or bots attempting to gain access to websites for a few different reasons. One of those reasons is, hacked websites can be used to attack other websites via the means of a DDos attack. They will upload a file or files to a website server, and use those files to attack another website or server, with the intention to take it offline for a period of time.

They may also wish to steal sensitive information, depending on the type of website, they may-be able to access email addresses, contact lists and even banking details. There could be a motivation to simply disrupt and cause a type of online vandalism to a website. Whatever the reason, these simple tips will help you to avoid it happening to you.

WordPress Security Tips      

Security Plugins

There are some very good security plugins available. I currently use Wordfence, there is a free and paid version, the free version is obviously more restricted, however it still provides very useful features. It gives you information on login attempts and will block bots from attempting a login.

Wordfence security email, user locked out.
Wordfence Email Notification

There are also various other virus and malware scanners that can be installed. Always check the plugin reviews before installing, and check that they’re regularly updated.

Update WordPress Plugins & Themes

Bots are always looking for outdated versions of wordpress, plugins and themes to exploit. Keeping on top of these updates will help to prevent breaches in security. It is also recommended to remove any unused plugins and themes.

Strong Passwords

Those bots are continuingly searching the internet for websites to access, keeping strong passwords is going to make it all that much more difficult for them. This includes your wordpress login, and also on the server side.

Regular Backups

Backups are good for a few reasons, you don’t want to lose your work, and they’re also good as a security measure. If the worst happens, and your website is accessed and corrupted, you can simple perform a full restore from the latest backup.

Use a good host

You can do everything you can, and do all the right things to make your website as secure as possible, however the security risk to your website could come from your web host. So ideally do some research on a hosting service, checking reviews and its general reputation.

Protect your computer

Make sure that the computer that you access your website from with is updated with an active firewall, has virus software installed and is always connected to the internet via an encrypted connection.

Windows 10 Security Panel.
Windows 10 Security Panel

If you do get hacked

If you do get hacked, which results in your website being black-listed, don’t worry, it’s actually fairly common, and you can fully recover from it. Once your website has been cleaned of any malicious files, you can submit your website for review (Google Search Console) to have the black list removed.

Once approved your website should be back to normal with no loss of rankings, or damage to its reputation, assuming the problem is detected and dealt with relativity quickly.