Six Free and Easy Ways to Make Your WordPress Site More Secure

If you don’t have a lot of traffic or sales going through your website, you might think it’s safe from attack. However, the motivations for hacking are many: installing malware, taking advantage of your search rankings to slip links or ads onto your pages, taking advantage of your good reputation to send spam from your (trusted) email address, taking over your site for ransom, stealing ad revenue, using your server to mine crypto, or using your server in a botnet, to name a few. Additionally, most attacks are by bots. They don’t care whether your site is small or large. They only want to hit as many sites as they can as quickly as possible. Here are some ways you can increase your security, even if you don’t have a lot of resources:

  1. Be serious about your password. You’re probably tired of seeing this advice, but it’s so prevalent because it’s important. WordPress will generate a strong password for you, but you probably won’t remember it unless you use a password management system. To come up with your own strong password that you can remember, try making a sentence with symbols substituted in for some letters/words, like UR$illy (that’s not a particularly good one, but you get the gist). It’s also important not to use the password anywhere else. This is the hardest part. We have hundreds of passwords in our heads these days. If it’s absolutely necessary, try adding the initials of the site to your sentence (WPUR$illy for WordPress, IGUR$illy for Instagram, etc.).
  2. Update your WordPress and your plugins often. Many updates exist to fix security vulnerabilities and limit damage. Therefore, it’s important to always keep the latest versions of every plugin you’re using as well as WordPress itself.
  3. Speaking of plugins, choose them wisely in the first place. Social proof is not foolproof, but you can save yourself a ton of problems by installing plugins that have a lot of active installations and a lot of positive reviews. It’s also good to see if they’ve recently been updated.
  4. Be smart about user roles. Only grant people the access and privileges they actually need. This is not about not trusting the people you have using your site. It’s about there being fewer vulnerabilities if that user’s account is compromised. Your goal here is to limit the damage a hacker can do. For more on user roles, read this post.
  5. Make sure your site is being backed up. If you’re hosting outside of WordPress, backups likely happen at a regularly scheduled interval, but you should check to be sure. If you’re hosting on WordPress, you may need a plugin like Jetpack or BackupBuddy. UpdraftPlus is another good one with a free version that works for most people.
  6. Make sure you’re using SSL (https). SSL makes the connection between the user and the server secure. It is important to have, especially if you have users logging in and most definitely if any money is coming into your site. SSL prevents login credentials and credit card information from being stolen while in transit. However, it does not erase the need for any of the other security measures discussed here. If you’re hosting on WordPress, SSL will be automatically on your site. For other hosts, go to your cPanel and navigate to security. You should have the option of free SSL.
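
Tips 2 and 4 are easy to check on a schedule. The script below is an added example, not part of the original post: it assumes WP-CLI is installed on the server and reads the JSON that `wp plugin list` and `wp user list` print. The plugin names, logins and the `EXPECTED_ADMINS` policy are constructed for illustration.

```python
import json

# Constructed sample data, in the shape WP-CLI prints for:
#   wp plugin list --fields=name,status,update,version --format=json
#   wp user list --fields=user_login,roles --format=json
PLUGINS_JSON = """[
  {"name": "contact-form", "status": "active", "update": "available", "version": "5.1"},
  {"name": "old-gallery", "status": "inactive", "update": "available", "version": "1.0"},
  {"name": "seo-helper", "status": "active", "update": "none", "version": "3.2"}
]"""
USERS_JSON = """[
  {"user_login": "owner", "roles": "administrator"},
  {"user_login": "guest-writer", "roles": "author,administrator"},
  {"user_login": "editor1", "roles": "editor"}
]"""

# Hypothetical policy: the only logins that should hold the administrator role.
EXPECTED_ADMINS = {"owner"}

def pending_updates(plugins):
    """Plugins with an update waiting; inactive ones count, their code is still on disk."""
    return [(p["name"], p["status"]) for p in plugins if p.get("update") == "available"]

def role_findings(users, expected_admins):
    """Flag any administrator account that is not in the expected set."""
    findings = []
    for u in users:
        raw = u.get("roles") or ""
        # WP-CLI joins multiple roles with commas; accept a list as well.
        roles = raw if isinstance(raw, list) else [r.strip() for r in raw.split(",")]
        if "administrator" in roles and u["user_login"] not in expected_admins:
            findings.append((u["user_login"], "unexpected administrator"))
    return findings

def run_audit(plugins_json=PLUGINS_JSON, users_json=USERS_JSON):
    """Run both checks over the two JSON documents and return the findings."""
    return {
        "updates": pending_updates(json.loads(plugins_json)),
        "roles": role_findings(json.loads(users_json), EXPECTED_ADMINS),
    }

if __name__ == "__main__":
    for section, items in run_audit().items():
        for name, detail in items:
            print(f"{section}: {name} ({detail})")
```

To use it on a real site, replace the two constructed strings with the output of the commands named in the comments and set `EXPECTED_ADMINS` to the logins you actually intend to be administrators.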