5 Tips for Keeping Your WordPress Website Secure

www.circlebc.com.au


Introduction
Tip 1: Keep Things Up to Date
Tip 2: Use Secure Passwords
Tip 3: Disable Unused Plugins And Themes
Tip 4: Limit Login Attempts To Your Site
Tip 5: Keep Regular Website Backups
Summary

Introduction

WordPress is used by over 26% of ALL websites on the internet.

The fact that WordPress is so widespread and popular is due to its ease of use, flexibility and affordability, making it a popular choice for businesses big and small.

This popularity also makes WordPress sites a target for hackers and other cyber criminals, resulting in the CMS being subject to hack and bot attacks that try to exploit known vulnerabilities in the software.

Keeping your website secure and functioning is not overly difficult; it’s just a matter of good housekeeping. It is increasingly important to keep WordPress Core, themes and plugins updated, and keep regular backups.

Additional preventative maintenance including virus scanning, firewalls and ongoing security monitoring is also a good idea.

This eBook provides 5 simple tips for keeping your website secure and functioning, and for providing a fallback option if something were to go wrong. It is by no means a complete guide but is a good starting point.

Tip 1: Keep Things Up to Date

Keeping your site up to date and well maintained is probably the most important tip. Keeping everything up to date puts your WordPress site in a safe position to begin with; it means that any known security issues are patched – this is crucial because known and common security issues are exactly what hackers are looking for.

Keeping your site up to date includes not only the core WordPress installation but also any themes and plugins that you have installed.

A default install of WordPress will automatically install core updates, but they can also be installed manually from the dashboard under the Updates menu.

Themes and plugins will not update themselves automatically by default, so these should be monitored in the dashboard – updates for themes and plugins will show up in the same place as the core update notifications. It is a good idea to back up your site and, in the majority of cases, engage your developer to perform this work, as from time to time plugin conflicts can cause issues with the site and its functionality, and some plugins may need to be rolled back to older, more stable versions.

In addition, you should also be aware of any plugins that have out-of-date or insecure files and functions within them. Some hosting providers will scan for these types of files automatically, or you can employ a website support agency to perform these regular checks for you as part of a website maintenance program.

Tip 2: Use Secure Passwords

This may seem like common sense, but having a secure password makes it much harder for hackers to break in to your WordPress installation. At the very least, a secure password should consist of at least 8 alpha-numeric characters, at least 1 uppercase letter and 1 special character. A strong password should also be something other than a common word found in a dictionary and should not have the site name or business name as part of the password.

All of these factors will make a password harder to guess and will also help to prevent a hacker from using a brute force dictionary attack, where a list of passwords is tried automatically.

You should use a strong password not only for your WordPress login but also for your FTP account, website control panel and the SQL database(s) associated with your WordPress installation.
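
The password rules in this tip can be checked mechanically. The following Python check is an added example, not part of the original eBook; the function name password_problems, the small word list and the sample site name used with it are assumptions made for illustration.

```python
import re

# Constructed mini word list (assumption); a real check would load a large dictionary file.
COMMON_WORDS = {"password", "welcome", "letmein", "wordpress", "sunshine", "football"}


def _squash(text, keep_digits=True):
    """Lower-case and strip everything except letters (and optionally digits)."""
    pattern = r"[^a-z0-9]" if keep_digits else r"[^a-z]"
    return re.sub(pattern, "", text.lower())


def password_problems(password, site_names=()):
    """Return the rules from this tip that `password` breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if all(c.isalnum() for c in password):
        problems.append("no special character")
    # Digits and symbols are stripped first, so "Password1!" is still caught.
    if _squash(password, keep_digits=False) in COMMON_WORDS:
        problems.append("based on a dictionary word")
    # Site or business name embedded anywhere, ignoring case, spaces and punctuation.
    squashed = _squash(password)
    if any(_squash(n) and _squash(n) in squashed for n in site_names):
        problems.append("contains the site or business name")
    return problems
```

A password such as "Password1!" meets the length, uppercase and special-character rules yet is still reported, because it is a dictionary word with decoration.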

Tip 3: Disable Unused Plugins And Themes

It is very common in WordPress installations for a lot of unused themes and plugins to be present – this often comes about when changes are made to the website and superseded features are left unmaintained, or due to poor housekeeping during testing.

This can be a massive security risk because plugins and themes that are not in use could be left for a long period of time without being updated.

In addition, if support for these themes and plugins ends then the developers may not even provide security updates, which provides another backdoor or vulnerability for hackers and bots to exploit.

To prevent this risk it is a good idea to uninstall any themes and plugins that are not in use – this will not only make your site safer but will also make everything easier to maintain and reduce the load on your web server.

Tip 4: Limit Login Attempts To Your Site

Limiting the login attempts to WordPress is a proactive security measure that makes it very difficult for a hacker to brute force their way in to your installation, by limiting the rate of login attempts, including by way of cookies, for each IP.

A brute force attack, in other words, means trying thousands of passwords automatically until the right one is found and the attacker is able to gain access to your website or server.

Site admins can also be notified when a brute force attempt takes place, which could also be a prompt to change website and server passwords.

This also emphasises the importance of using a complex password and not something that is easy to remember, as it makes the password much harder to crack.
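
Per-IP login limiting with admin notification, as described in this tip, is shown here as an added Python example that is not part of the original eBook and is not the code of any WordPress plugin. The class name LoginLimiter, the thresholds (5 failures in 300 seconds, a 900-second lockout) and the sample events are assumptions; it tracks attempts by IP only and leaves out the cookie-based tracking mentioned above.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Per-IP sliding-window limiter for failed logins (hypothetical helper)."""
    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds a locked-out IP stays blocked
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time at which the lockout ends
        self.alerts = []                    # (time, ip) notifications for the site admin
    def is_blocked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Count one failed login; return True if it triggers a lockout."""
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - self.window:  # drop failures older than the window
            recent.popleft()
        if len(recent) < self.max_failures:
            return False
        self.locked_until[ip] = now + self.lockout
        self.alerts.append((now, ip))
        recent.clear()
        return True

# Constructed sample events: (seconds, client IP, password was correct)
EVENTS = [
    (0, "203.0.113.7", False), (2, "203.0.113.7", False), (4, "203.0.113.7", False),
    (5, "198.51.100.20", False), (6, "203.0.113.7", False),
    (8, "203.0.113.7", False),      # fifth failure inside 300 s
    (10, "203.0.113.7", True),      # right password, but the IP is locked out
    (400, "198.51.100.20", False),  # its failure at t=5 has aged out
    (1000, "203.0.113.7", True),    # lockout ended at t=908
]

def replay(events, limiter):
    """Return 'blocked', 'ok', 'failed' or 'locked' for each event in order."""
    outcomes = []
    for now, ip, ok in events:
        if limiter.is_blocked(ip, now):
            outcomes.append("blocked")      # rejected before the password is checked
        elif ok:
            limiter.failures.pop(ip, None)  # a good login clears the counter
            outcomes.append("ok")
        else:
            outcomes.append("locked" if limiter.record_failure(ip, now) else "failed")
    return outcomes
```

Where the site sits behind a proxy or CDN, the limiter has to key on the real client address rather than the proxy's, otherwise all visitors share one counter.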

Tip 5: Keep Regular Website Backups

Rather than being directly related to the security of your WordPress installation, backing up your site creates a safety net in case something does go wrong. It doesn’t matter how secure you keep your site; the possibility will always exist that you may get hacked.

Keeping regular backups ensures that you always have a way to easily and quickly recover from an attack, should it ever happen.

Some hosting companies will provide you with automatic backups as part of their service, but even so it is a good idea to keep an additional backup of your WordPress installation, preferably not on your server, as in some cases if your website and server get hacked, your backups might also be compromised.

There are many free plugins for WordPress that make this job easy. There are also some premium WordPress backup providers that offer additional functionality such as offsite storage and automated restores.

Summary

In summary, keeping your WordPress website secure starts with basic maintenance and keeping your site, themes and plugins updated. Keeping regular site backups in a location off your server also helps.

The steps above are by no means bulletproof and there are other things to consider, such as penetration tests to check for unknown website and server vulnerabilities, website firewalls, and malware detection and prevention, but employing these basic techniques to begin with will provide you with a solid base to build upon.

If you would like more information about this eBook or require assistance with the support and maintenance of your WordPress website, please get in contact with us; we would love to hear from you.

www.circlebc.com.au
1300 978 073
www.wordpresswebsitesupport.com.au