Saturday, October 31, 2015

Top Tips for Securing Your WordPress Site

WordPress is, without a doubt, one of the world's most popular blogging and CMS (Content Management System) platform. More than 70 million websites from around the world use WordPress to power their websites, which include some of the biggest names in the industry- The New York Times, The Guardian, eBay and many more. 

And because it is so popular its becomes a common target for hackers and spammers. Fortunately, WordPress supports a wide ecosystem of free plugins and services that can help you protect your site against hackers.

In this post I listed few important things that you can easily do in order to minimize the risk of getting your WordPress site hacked, and make your site even more secure.


1. Don't use the “admin” username
Most attackers usually rely on this thing during a brute force attack, and if you use “admin” as your login username then you’re leaving site open to attackers. This is probably the number one rule in WordPress security and strongly recommended that your username to something less obvious. By changing your WordPress username to something strong and unrelated to your own or site name, you can now block a lot of attacks and protect your site immediately.

2. Strengthen passwords
We heard many stories about massive security breaches by Russian cybercrime group and the latest software security bugs. Choosing strong and unique passwords for each you site you're using in the net, is one of the best things you can do to stay safe and secure. A strong password contains a mixture of uppercase, lowercase characters, numerals and special characters. Your password must not contain a complete word (such as real name or company name) that can be easily guess by hackers.

3. Keep your WordPress updated
This is one of the most important things we can do when using any type of software, in terms of security, is keeping up for everything new. Software companies are constantly releasing security updates and news. Make sure you're using the latest version of WordPress and plugins, because if you don't keep your site updated with the latest versions of WordPress, you could be leaving your site vulnerable to attacks. Hackers often target older versions of WordPress with known security vulnerabilities and issues, so always keep an eye on those updates and security patches.

4. Manage and update your plugins and themes
Plugins is another important item that you have to ensure that is fully updated and patched, plugins may contain vulnerable code or flaws which when installed could makes or leave your site vulnerable to attacks. Always check your plugins to see if there are any associated exploits or vulnerabilities you are about to install.

In addition, you need also to keep those plugins to a minimum, delete unused or unnecessary plugins. Extra or unused plugins sometimes can become a security risk if they are become outdated, security problems can be traced back to an old plugins or unused plugins that won't work with each others.

5. Use a security plugins
Security plugins provide an effective way to better monitor your site's security, and also to secure any important files or components in your WordPress installation. This is very important because it provides you the ability to monitor everything and to keep an eye on the various changes occurring within your WordPress environment. 

Currently, there a handful of popular options you can use to tighten your site's security and reduce the chance of being attacked or hacked. One of the most popular is the free Sucuri WordPress Security plugin, a security toolset for security integrity monitoring, malware detection and security hardening. It also offers a security service that detects unauthorized changes to your network assets, including SSL certificates, DNS and many more.

6. Use secure WordPress hosting
Not all WordPress hosting companies are created equal and, in fact, hosting vulnerabilities account for a huge percentage of WordPress websites being attacked. Always select the hosting companies that make security a top priority (or companies with good security track records) and offer support for the latest versions of PHP and MySQL, as well as advanced security software and intrusion detection systems.

7. Back it up
Always rely on strong backup recovery solutions for your WordPress site, so that you can easily restore or recover your site if something goes wrong. Even with the best security measures and solutions, you never know when something unexpected things could happen that might affect or leave your site vulnerable to attacks. You can use plug-in such as WordPress Backup to DropBox to schedule regular automatic backups.

8. Force SSL usage for all logins
Use SSL (Secure Socket Layer) certificate on your site, and force all logins sessions to happen over SSL. This will have the user's browser encrypt their username and password before it's sent over the net, adding extra layer of security and protection to your site.

Image Credit: Rockexel