- December 13, 2017
- Posted by: Chris
- Category: Digital, Security
This article will focus on how to increase the security levels of your WordPress website. Being conscious of WordPress security best practices can help reduce the risk of your website being hacked.
Tip 1 – Updates matter!
Websites, much like your computer’s operating system, require incremental updates to help keep them secure. It is vitally important for the security of your WordPress installation that these updates are installed as soon as possible. Before installing major updates you should perform a full back up of your website.
Tip 2 – Install a security plugin
I highly recommend installing the iThemes security plugin. This plugin provides a user friendly way to modify a number of settings which can improve the security of your WordPress installation. Users are recommended to implement the default recommendations. Some of the available WordPress security tweaks include
- Changing default secure urls (such as wp-admin) to different values
- Configuring lock out policies
- Enforcing SSL
- 404 detection (detect users hitting a number of non-existent pages – typical of a scanning bot)
Tip 3 – Use strong passwords
Always use long, complex passwords. Do not use the same set of credentials for your website that you use elsewhere! These passwords may apply to access your WordPress database, WordPress Administrator account or your hosting environment.
Tip 4- Use SSL and Enforce it
Purchase a SSL certificate from a reputable provider and configure your WordPress site and hosting environment to use this certificate. It is also recommended that you configure redirection from HTTP to HTTPS. This configuration can be done manually, or via a plugin such as the iThemes plugin mentioned above.
Another benefit from using SSL is that your SEO page rankings may improve as a result.