Basic WordPress Security

By

WordPress represents 26.4% of the top 10 million websites and is the most popular Content Management System (CMS) system with more than 60 million installations.

Being so popular makes it a target from hackers and cybercriminals.

If you have a WordPress website, or are going thinking about using WordPress, here are a few basic tips to minimise the risk of an attack.

WordPress Updates

WordPress regularly releases version updates. Some updates improve the functionality, and others fix vulnerabilities in the CMS platform.

Since WordPress version 3.7, most security updates are completed automatically, however, it is good housekeeping to ensure you have the latest version installed.

Whilst in the Dashboard, WordPress version updates are prominently displayed.

Upgrade WordPress version

After pressing “Please update now”, the next step is to press “Update Now”.

WordPress version update

Plugins

As WordPress is open-source, this allows many developers to create their own plugins and allow them to be downloaded for free or purchased.

Whilst these plugins are convenient to do cool stuff on your website, some can harbour vulnerabilities, allowing hackers to infiltrate your site.

When plugin updates are available, it is important to update. It is also wise to delete plugins that are not in use.

Updating is simple, check the plugins that you wish to update, and press “Update Plugins”.

Update your WordPress plugins


Login Credentials

As WordPress has evolved, so has its emphasis on security.

The easiest vulnerability for hackers to target is a weak password to an administration or super-administrator account with the username set as “admin” or “administrator”.

Username

If you’re an administrator or higher, avoid using the username”admin” or “administrator”.

Set your user name as your Christian name.

Password

Your password should be:

  • Minimum of 12 characters
  • A combination of UPPERCASE and lowercase letters, numbers and symbols.

WordPress has a built in password generator.

WordPress also has a password strength complexity tool that shows whether your password is Very Weak, Weak, Medium or Strong strength.

If your password is Very Weak or Weak, a required checkbox will appear that says “Confirm use of weak password”.

Very Weak Password

Unless your password is Strong (Green), do not proceed.

Strong Password


Hosting

When searching for a company to host your WordPress website it is critical to invest a little more money on a dedicated WordPress Host (They only host, and specialise in WordPress websites).

This investment could be the difference between losing a lot of work and you business going broke.

There are some critical additions you should also look for:

  • Daily Backups – restoring a website from a backup is far easier than rebuilding an entire site.
    • Before commencing any updates, it is wise to backup your entire site.
  • Firewall – Monitor and block potential attackers.
  • Malware scanning – Find a fix malicious files on your server.
  • Support – Make sure the support knows everything about WordPress.

A security conscious host takes away the need for you to install an array of security related plugins, and the need for you to continually monitor them for threats. This leaves you with more time to do the important things on your website.

Who provides dedicated hosting?

Here is a list of some businesses devoted to WordPress: