Every month I take on new clients and get to look at their current WordPress installs to see what their previous web developers are doing right and what they’re doing wrong. One issue I’ve noticed is that WordPress security is often overlooked by most web developers, putting their clients’ websites at risk.
Since WordPress is open source, hackers can find vulnerabilities and exploit them. This is why it’s extremely important to update your WordPress software and plugins when updates are released.
Personally, I’ve had to deal with my fair share of hacked websites when I was first starting out as a web developer, and I was forced to seek out solutions to combat hackers who were looking to compromise logins, inject malicious scripts or even deface websites.
Unfortunately, I’ve had to deal with all forms of hackers; however, through experience and knowledge I’ve learned to protect myself against them.
Choose a Strong Password
One obvious way to protect your websites is by creating strong passwords for your administrative access. Instead of choosing an easy-to-remember password, use the generate password feature in the user settings. Today, sophisticated software can attempt 350 billion guesses per second. As time goes on, hacking software is becoming more advanced.
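The effect of that guessing rate, worked through as an added example (not from the original article): the sketch below estimates the worst-case time to exhaust a password's search space at 350 billion guesses per second and generates a random password with Python's `secrets` module. The function names and sample passwords are constructed for illustration, and the estimate assumes every character was chosen at random, so it overstates the strength of memorable passwords.

```python
import math
import secrets
import string

GUESSES_PER_SECOND = 350e9  # guessing rate quoted in the article
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character classes used to size the search space of a password.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Combined size of every character class that appears in the password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def entropy_bits(password):
    """Upper bound on entropy, assuming each character was picked at random.
    Dictionary words and patterns like 'Summer2024!' fall far sooner."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate of this length and alphabet."""
    return 2 ** entropy_bits(password) / rate / SECONDS_PER_YEAR


def generate_password(length=24):
    """Random password from the OS CSPRNG containing all four classes."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in c for ch in pw) for c in CLASSES):
            return pw


if __name__ == "__main__":
    # Constructed samples: two memorable passwords and one generated one.
    for pw in ("sunshine", "Summer2024!", generate_password()):
        print(f"{len(pw):2d} chars, {entropy_bits(pw):6.1f} bits, "
              f"{years_to_exhaust(pw):.3g} years to exhaust")
```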
Importance of Web Hosting
Choosing a reliable web hosting company is an important variable to consider for a number of reasons when it comes to website security. Server software and firewalls are one form of defense that keep hackers at bay. Choosing a less credible hosting company, however, can negatively impact your online presence. I unfortunately learned this 10 years ago when I migrated a client’s Joomla website that was being regularly targeted by hackers. Post-migration, the site was never compromised again.
Install a Security Plugin (e.g. WordFence)
WordPress has several security plugins available that you can install to protect your website from hackers. My personal favorite is WordFence, which is also the most widely used security plugin available for WordPress and a standard for all NexToronto developed websites.
This WordPress security plugin actively protects against brute force attacks and can scan your website for any malicious code that has been injected.
Installing WordFence only takes a few steps and requires code to be added to your site’s .htaccess file. In only a few you can add another layer of security to your website.
Once installed, you should enter your email to receive updates on any security vulnerabilities and outdated plugins. You will be emailed a weekly report notifying you if any upgrades are needed.
You can also run scans on website files which will notify you of any compromised or injected files with the option to ignore or delete.
Your dashboard will also display the number of hacking attempts by IP, country and attempts on the administrative user. See image on right.
In rare instances, WordFence will flag files that are not a threat, so it’s important to review its recommendations carefully rather than just deleting flagged files.
The free version of WordFence provides updates every 30 days, but if you purchase the premium version you will receive real-time updates in addition to IP blocking.
If you wish to download WordFence, you can visit the website http://wordfence.com.