Cyber attacks are real, frequent, and often very painful, so keeping your WordPress website is enormously important. More and more attempts are launched against websites every year, so the question of security remains critical for everyone. As we know, size doesn’t matter to cyber criminals, so when it comes to targeting victims, everyone is a fair game, from large international corporations to small businesses.
2018 Internet Security Threat Report informed that 2017 was the year of cyber attacks, with their number peaking at 27.7 million per month.
Source: 2018 Internet Security Threat Report, Symantec
Since the best way to deal with cyber threats is to prevent them, check out the six ways to secure your WordPress website below.
1. Update, Update, Update
Many owners of WordPress websites avoid installing updates because they think they can disrupt the performance of their platforms. However, avoiding updates is a really bad idea because they may contain the latest protection tools from developers.
The risk arising from the lack of protection is high. For example, Sucuri’s Hacked Website report found that 39.3 percent of hacked WordPress sites in 2017 had an outdated
Source: Sucuri’s Hacked Website report
So check whether you have the latest version of WordPress, back up your site, and update it when updates are available. Or insert the following code in wp-config.php to enable auto updates: define( 'AUTOMATIC_UPDATER_DISABLED', false ); define( 'WP_AUTO_UPDATE_CORE', true );
2. Create a Super Strong Password
Some WordPress websites have pretty weak passwords, which puts them at an increased risk of being hacked. In fact, according to WPSmackdown, 8 percent of WordPress websites get hacked because of this reason.
Source: WPSmackdown
The same source also informed that the most common passwords that are being tried include:
While you can come up with your own passwords (it has to be long, at least 12 characters, and contain a string of random letters and digits), feel free to check these tools:
While you can come up with your own passwords (it has to be long, at least 12 characters, and contain a string of random letters and digits), feel free to check these tools:
Also, I recommend changing your password every couple of months for maximum protection so the user of the site can focus on writing blog posts and avoid distraction by security measures. Also, for increasing the efficiency of writing and proofreading posts, safe and reliable tools such as Hemingway Editor, Essayhilfe and Studhilfe, and recommended.
3. Carefully Review New Plugins and Themes before Installing (and Update Those You Have)
Here’s an alarming fact: 18 percent of the hacked WordPress websites in 2016 were breached because they had outdated versions of just three plugins: GravityForms, RevSllider, and TimThumb (source: Sucuri’s Hacked Website Report 2016 – Q3).
Source: Sucuri’s Hacked Website Report 2016 – Q3
A strong correlation between outdated plugins and the hacked sites suggests that updates are critical here as well. Another key consideration is plugins’ reliability. You should be very careful selecting them because some of them may be vulnerable to hackers. For example, some developers using poor coding practices may allow them to exploit plugins and undermine every website it gets installed on.
To avoid such plugins, follow these tips:
4. Limit Login Attempts
WordPress doesn’t impose any limits on the amount of times one can try and login into your website. The lack of limits, of course, provides hackers with all chances they need to force their way into your admin panel. To change that and reduce the risk of getting hacked, you can limit login attempts.
For that, you can use a plugin called Login LockDown. If it detects a certain customizable number of failed attempt from the same IP range within a short period of time, then it disables the login function for all requests from that range. As the result, you can prevent brute force password discovery.
5. Implement an SSL (Secure Socket Layer) Certificate
This security measure is very popular one for securing the admin panel because:
6. Back up Regularly
You may think that your website is safe if you implement all these tips above but there’s still some room for improvement. Remember to always make backups because they’re the best way to keep your data safe. If you have it, you can restore it to a working state anytime. UpdraftPlus is one of the most popular backup plugins, so you can start with it.
Conclusion
Cyber attacks remain a huge problem for website owners, so seeking additional ways to secure yours is something that you need to do. As you can see, these ways don’t require some extraordinary skills from you but they’ll go a long way in helping you to reduce the chances of getting your site hacked.
Dorothea Oppelland is a marketing specialist, business consultant and helps people to turn their dreams into the profitable business . Currently she works at Ghostwriterpreise.com. She graduated from the Hamburg University. Now she is writing for marketing and business resources. Also Dorothea works at GhostwritingErfahrungen and you can easily contact her.
Top comments (0)