The best WordPress security

Als je als webbouwer of programmeur met een CMS als WordPress werkt, is beveiliging een belangrijk punt van aandacht. Because WordPress is so user-friendly, it is widely used for creating sites. There is an immediate danger in this: the large scale makes it interesting to hackers. Every week, Google blacklists some 20,000 websites for malware and some 50,000 for phishing (figures from the first quarter of 2016). If you depend on your website, you understand the need to have your WordPress security in place. Here we give you some basic security tips to protect your website from hackers and malware.

Although the basics of WordPress are well secured and regularly audited by hundreds of developers, there are some things you can do yourself to protect your site. As a website administrator or owner, there is much you can do to improve your WordPress security (even without technical knowledge). We have listed some of the primary actions for you below.

Why is security for your site so important?

A hacked WordPress site can cause serious damage to your business revenue and reputation. Hackers can steal user information and/or passwords, install malicious software and even distribute malware to your users/customers. Perhaps worst of all, you have to pay hackers to regain access to your website. If your website is a business, you need to pay extra attention to your WordPress security. Similar to how it is the responsibility of business owners to protect their physical store, as an online business owner it is your responsibility to protect your company website. This applies to both web shops and regular websites.

WordPress security in simple steps (no coding)

We know that improving WordPress security can be a terrifying thought for beginners. Especially if you’re not a techie. And hey, you’re not the only one. We’ll show you how to improve your WordPress security with just a few clicks (no coding required). If you can surf the Internet, so can you!

Make sure WordPress is up-to-date

WordPress is
open source software
that is regularly maintained and updated. By default, WordPress automatically installs minor updates. For major releases, update manually. You can see that, if you are logged in, by the well-known “red icons” in your dashboard. There are also thousands of WordPress plug-ins and themes you can install on your website. These plug-ins and themes, in turn, are maintained by third-party developers who also publish regular updates. These WordPress updates are crucial to the security and stability of your WordPress site. You need to make sure your WordPress core, plug-ins and theme are up to date. And we assure you, you should do that more often than once a year. To set up automatic updates, read our manual.

The most common WordPress hacking attempts happen with stolen passwords. You can make it difficult for hackers by using stronger passwords created specifically for your website. Not only for WordPress administration area, but also for FTP accounts, database, WordPress hosting account and your (business) email address. The main reason beginners dislike using strong passwords is because they are difficult to remember. The nice thing is that you no longer have to remember passwords: you can store them in a password manager or keychain these days. Another way, and most rigorous, to reduce the risk is to not give anyone access to your WordPress administrator account unless they absolutely have to. The disadvantage is that you then have to make all the changes and up-dates yourself. If you have a large team or guest authors, make sure you understand the user roles and capabilities in WordPress before adding new users and authors to your WordPress site.

The Role of WordPress Hosting

The WordPress hosting service plays perhaps the most important role in the security of your WordPress site. A good shared hosting provider such as
SQR.NL
or managed hosting provider like
Cyso
take the extra measures to protect servers from common threats. In fact, not securing your Web site opens up the risk of cross-contamination where a hacker can use an adjacent site to attack other Web sites. Using a managed WordPress hosting service provides a more secure platform for your website. WordPress hosting companies such as
SQR.NL
and
Cyso
offer automatic backups, automatic WordPress updates and more advanced security configurations to protect your website.

Backups

At
SQR.NL
standard backups are made for customers. Backups are your first step as a defense against any attack. Of course, nothing is 100% safe. If government websites can be hacked, yours can be hacked too. With backups, however, you can quickly restore your WordPress site in case something bad happened. There are many free and paid WordPress backup plug-ins you can use for an additional (proprietary) backup. The most important thing to know when it comes to backups is that you should regularly save backups of your data to an external location. Based on how often you update your Web site, the ideal setting for this might be once-a-day or real-time backups. Fortunately, this can easily be done using plug-ins such as
VaultPress
or
BackupBuddy
. They are both reliable and, above all, user-friendly (as mentioned, knowledge of coding is not necessary).

Change the default ‘admin’ username

In the past, the default username of the WordPress administrator with the most privileges was “admin.” With usernames making up half of the login process, this made it easier for hackers to carry out attacks. Fortunately, WordPress has since changed and you now have to choose your own username when installing WordPress. Because WordPress does not allow you to change usernames by default, there are three methods you can use to change the username.

1. Create a new administrator username and delete the old username.
2. Use the plug-in
   Username Changer
   .
3. Update username via
   phpMyAdmin
   .

Note: We are talking about the username “admin” here, not the administrator role.

Fixing a hacked WordPress site

Many WordPress users do not realize the importance of backups and website security until their website has been hacked. Of course, we hope it doesn’t ever happen to you. Because cleaning up a WordPress site can be very difficult and time-consuming. Our first advice would be to have a professional take care of it. Hackers install backdoors on affected sites, and if these backdoors are not closed properly, your website is likely to be hacked again someday. When a professional security company fixes your website, it ensures that your site is safe to use again. It therefore protects you from future attacks.

That’s it as far as basic tips go, we hope this article helped you learn the first principles for WordPress security and discover the best WordPress security plugins and secure hosting for your website.

Are you ready for your own WordPress website? We also offer
WordPress hosting
which allows you to have your own WordPress website ready to go in 2 minutes.