WordPress is an incredibly flexible, powerful and popular website platform, but that popularity comes at a price. It has been estimated that a WordPress website is hacked every 5 seconds. The commercial and reputational damage caused by these attacks can be massive. However, with a few simple steps, it is entirely possible to keep your precious website safe and secure.
1. Choose your plugins and theme carefully. One of the greatest strengths of WordPress is the vast range of plugins available. However, poorly written or out-of-date plugins are one of the most common causes of WordPress security breaches. Only install plugins that come from trusted sources and that receive regular updates. If you have any plugins installed that are not necessary, remove them. Similarly, some commercial themes do not comply with best practices and should be avoided. It is safest to use themes published through WordPress.org/themes.
2. Choose a specialised hosting partner. WordPress hosting requires some specific steps to ensure maximum security. In addition to keeping the server environment secure and protected, a WordPress-focused host will undertake additional measures to defend your website from attack. Websites hosted on Unleashed Web servers, for example, are scanned daily to ensure that all the correct security permissions are in place, that no updates are due, and that no signs of security breaches can be detected.
3. Ensure that a backup routine is in place. With the right security in place you might never need your backups, but if the worst does happen it is important that you can recover your website quickly and with the minimum of fuss. Check whether this is included in your hosting package, or whether you need to take additional measures to back up your files and database.
4. Use security plugins. There are several excellent plugins that add extra layers of security to your WordPress website. I recommend Wordfence (www.wordfence.com), which comes in free and premium versions. The premium version adds more checks and controls, but even the free plugin adds a wide range of security measures. One of the most visible benefits is blocking login attempts from certain countries or where several failed login attempts have been detected. Which leads me to my final tip...
5. Keep your own house in order! No amount of server security will help you if you choose an insecure admin password, or if your own computer is compromised. The usual advice for computer security applies here: do not use the same password for everything, make sure it is hard to guess, and change your password periodically. WordPress includes a password strength indicator; use it to ensure you have a strong password.
With these measures in place, you need not lose any sleep over your WordPress security. More technical detail on WordPress security can be found at http://codex.wordpress.org/Hardening_WordPress
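The daily permission scan described in tip 2 can be approximated on your own server. The script below is an added example, not code from this article or from Unleashed Web; the function name `audit_wp_perms`, the three checks and their thresholds are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original article): a permission audit for one
# WordPress install. The checks and thresholds are this example's assumptions.

audit_wp_perms() {
    wp_root=$1
    if [ ! -f "$wp_root/wp-config.php" ]; then
        echo "no wp-config.php under $wp_root" >&2
        return 2
    fi

    wp_report=$(
        # Writable by other users, so any local account can alter these paths.
        find "$wp_root" \( -type f -o -type d \) -perm -0002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} \;
        # wp-config.php holds the database credentials and auth keys.
        find "$wp_root/wp-config.php" -perm -0004 \
            -exec printf 'CONFIG-WORLD-READABLE %s\n' {} \;
        # Uploads should hold media only, so PHP there needs investigating.
        if [ -d "$wp_root/wp-content/uploads" ]; then
            find "$wp_root/wp-content/uploads" -type f -name '*.php' \
                -exec printf 'PHP-IN-UPLOADS %s\n' {} \;
        fi
    )

    # Exit status 0 means clean, 1 means findings were printed.
    if [ -z "$wp_report" ]; then
        return 0
    fi
    printf '%s\n' "$wp_report"
    return 1
}

# Run against a path when one is given, for example from a daily cron job.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

A non-zero exit status makes the script easy to wire into cron mail or a monitoring check.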
Secure your online world with Wordpress Shield
To help businesses keep their WordPress websites secure, we have developed a managed hosting solution called Wordpress Shield. This comprehensive security solution costs just £30 per month. To read more see: Wordpress Shield
If you have any questions, comments or suggestions I'd love to hear them. Post a comment below to get in touch!