Security; it’s something that all of us, individuals and businesses, should be aware of. Are you?
According to one source, 30,000 websites are hacked every day. That’s quite a chilling figure, isn’t it? In the grand scheme of things however, 30,000 isn’t too bad given that there are 1 billion websites on the internet. However, you really don’t think your own site will be hacked… until it is. And with more sites than ever using WordPress, we’ll be focussing on WordPress security in this blog. It’s relatively quick and easy to tighten-up your WordPress security – so here’s some quick tips.
Update, Update, Update
It can often sound like such a minor thing, but keeping your version of WordPress up to date ensures that any new security measures imposed by WordPress, are installed and implemented on your website. It’s pretty easy to update WordPress too; once you log in to your admin dashboard, you’ll see a notice at the top of the screen, with a clickable “Update now” link.
Once you click to update, WordPress takes care of the rest! Sit back, go make a coffee or continue with something else on another internet tab. The same applies for plugins – click “Plugins” from the menu on the left. The general rule of thumb? Click the checkbox at the top bar, select ‘Update’ from the dropdown menu and click ‘Apply’. This will run through any out-dated plugins and will update them accordingly.
Don’t make it easy for hackers!
It’s probably a ‘no brainer’ for some but it’s worth reminding you that we always recommend strong, secure passwords. Generate a random password from sites like these. Also, hide your admin login page! By default, WordPress installs your login page and allows you to access it from yourdomain.co.uk/wp-admin. So if someone was going to hack you, chances are they would guess that your login page was located here. Hide it! You can rename your login page location with the help of some handy plugins – see below for more details.
Also, locate the ‘wp-config-sample.php’ file from your root install of WordPress and delete this! This is not a necessary file and has been known as a method for entry for hackers.
Plugins – making life easy.
First of all, if you’re unsure what a ‘plugin’ is – it’s basically like an add-on which has a purpose. You can download plugins for almost anything – ones which will create custom contact forms, mailing lists and much more. Here’s some great ones for security:
iThemes Security (FREE)
This one is the creme de la creme of security plugins! Once downloaded, you can activate the plugin and run through some basic site security checks.
It also keeps you updated with any alerts by email – which you implement during the initial setup. As mentioned above, hiding your WordPress login page can often make things easy for hackers. This plugin has an option to hide your WordPress login page. You can rename it to something like yourdomain.co.uk/mysecretloginpage. Best thing about the plugin? It’s FREE!
WordFence Security (FREE)
Another great plugin – this one runs various scans on your site, checking for any vulnerabilities. The plugin has a firewall and can also scan for malware and block malicious IP addresses that have tried to gain access to your WordPress admin dashboard. The plugin works alongside iThemes Security but it’s worth noting that you should disable iThemes Security when installing this, to avoid any security conflicts. Simply click ‘deactivate’ on the plugins page, then reactivate the plugin once WordFence has downloaded.
That’s it from us! Want to share your tips with us? Or have a question? Tweet us @BroadbandCloud.
Leave a Reply