There are 4 great security practices that will help you secure your WordPress site with little effort. These 4 practices alone can go a long way in preventing a security breach.
1. Keep It Updated
First off, and we’ve touched on this in a previous article, keep everything updated. Old versions of the core WordPress software, plugins, and theme dramatically raise your security risk. Also, be aware that even plugins that aren’t active pose a risk if they aren’t updated. Why run the risk when it’s so easy to keep you site updated?
Simply schedule time weekly or bi-weekly to check that all the components of your site are updated. Such a simple process can greatly reduce the risk of having your site compromised.
2. Strong Passwords
If you use simple passwords than all your other attempts at securing your site can be for nothing. You might say that you need a password you can remember. Well if that’s so, get a program like LastPass
to remember your long, strong passwords for you.
So, what is a strong password? It’s a password that incorporates numbers, capital letters, special characters and should be more than 10 characters. Here’re a couple examples of good passwords that LastPass generated: EAVb@4RnQ2o1Wcn and U&Ptzc*HCsLY5Y$C%Q. Yes, it would be difficult to remember this password, but it’s also more difficult for some software to crack.
3. Managing Users
Number three on our list is managing users. If you give other people admin access to your WordPress site and they use weak passwords then you have a hole in your security. So you need to ensure that everyone with admin access uses strong passwords and you need to limit the number of people that have admin privileges. Bottom line, don’t give away more privileges than you absolutely need to.
Also, realize that you need to schedule “house cleaning” for your users. Over time, it’s likely that people needing access to your WordPress admin area will come and go. So keep it updated as well. Make sure you delete users that no longer need access to your site.
4. Backup Your WordPress Site
We touched on this already, but having a backup (stored offsite) and recovery plan is crucial should things go bad. Even if you or a staff member inadvertently create a situation, having a backup will get you back up and running as quickly as possible.
When it comes to WordPress you need to realize there are two parts to backing up your site. First is the file system, graphics, videos, HTML, CSS, theme, plugins, pdfs and anything else that you have added. The second part is the database. The database holds all the content and user information that you have on your site. Both of these are what make a complete WordPress site and both must be backup automatically.
These four simple practices will go a long way to keeping your WordPress site secure. Just schedule them into your monthly activities, or ask a web developer to do it for you, and you’ll be keeping your site more secure and giving yourself more peace of mind.