WordPress is, without a doubt, one of the most popular publishing platforms. More than 70 million websites from around the world use WordPress to run their blogs, including big names like The New York Times, CNN, Mashable, and eBay. WordPress is one of the easiest and most powerful content management systems (CMS) in existence today, but as with any widely used software, its popularity can make it a target for hackers. Fortunately, there are a few easy things you can do to secure your site from the majority of attacks. Here are seven WordPress security tips to keep in mind.
1. Get rid of the “admin” user.
If there is one golden rule of WordPress security, it is probably this: never use the default “admin” user. Obviously, on any WordPress site you’ll have at least one user with “Administrator” privileges, but make sure that username is something different than the default “admin.” By leaving the defaults in place, you make it easier for hackers to guess your password and gain access to your site.
If you DO currently have a user named “admin” on your WordPress site, simply set up a new user with a unique name and password, and give them administrative access. Then, login as that new user and delete the old “admin” user. Be sure to attribute any old content that was posted by the “admin” user to your new username.
2. Use strong, unique passwords.
This is true for ANY site you use across the Internet. You’ve probably heard news stories about mass data breaches by Russian crime rings and the Heartbleed security bug. Choosing strong, unique passwords for each site you register for, and changing them regularly, is one of the best things you can do to stay safe and secure online. Does the thought of remembering all of those passwords make you crazy? Use a secure password manager like LastPass to make sense of the madness and help you generate unique passwords for the sites you use.
3. Simplify WordPress security with a powerful tool.
WordPress security is complex, and many of the more technical aspects are beyond what an average user might feel comfortable implementing themselves. Luckily, there are handy tools and security plugins built to simplify this process. Use a plugin like Jetpack, iThemes Security or BulletProof Security to secure your site from most attacks in just a few steps. If you have found yourself the victim of an attack, or want to add an extra layer of protection, consider using a security monitoring and website firewall service such as Sucuri.
4. Stay up to date.
One of the most important things you can do with any type of software, in terms of security, is keep it up to date. Software developers are constantly releasing security patches and updates, and WordPress is no exception. Make sure you’re running the latest version of WordPress, and keep plugins up-to-date. It typically only takes a few clicks and less than a minute to do so:
5. Keep plugins to a minimum.
The more bells and whistles, the more chances there are that something can break. Extra plugins, even inactive ones, can become a security risk if they become outdated. In the world of WordPress, typically when something goes wrong with your site, the problem can be traced back to an old plugin or multiple plugins that don’t play nice with each other. Delete unused plugins and keep the number of plugins you have installed on your WordPress site to just the essentials.
6. Use a secure hosting company.
Your site is only as secure as the server it’s hosted on. Look for hosting companies that make security a top priority and offer support for the latest PHP and MySQL versions, as well as firewalls and intrusion detection systems. In the event that your site gets hacked, does your hosting provider offer support for that? If not, it may be time to look for another hosting company. Read our tips about what to look for in a web hosting company.
7. Back it up.
If something DOES go wrong, you’re going to want a backup. So don’t wait until it’s too late. Check with your hosting company to see if they provide an automatic backup service, or use a tool like BackupBuddy to do it for you.