I attended a WordPress MeetUp in Melbourne last week where the topic was “WordPress Security”. A key message was “Take Security Seriously”. The info I learned about keeping your website secure from hacking, malware and other nasty business was critically important so I’m sharing it here to help you check the security of your website.
The tips below are summarised from a presentation by Chris Burgess. View the full presentation on his website.
If you haven’t actioned any of the tips below previously, I recommend contacting your web developer for help, because it’s important that you have a reliable backup and can reverse any changes made if something does go wrong in the process.
WordPress Security Tips
1. Backup your website regularly
2. Update WordPress when new versions are released
View “Updates” in your dashboard when you’re logged in to WordPress to find out if there are any that you need to make.
3. Only use reputable themes and plugins, avoid pirated copies
Code Canyon, Theme Forest and StudioPress are some of the places where you can find reputable themes.
Before adding a plugin I search WordPress.org to check their listing for the plugin and find out how it has been rated by the WordPress community.
Don’t ever download pirated copies of plugins (they may have nasties embedded in them).
4. Update your plugins when new versions are released
5. Use a Security plugin
The examples provided were Sucuri, Wordfence and iThemes Security.
6. Have a strong password
The longer and more complicated your password is, the harder it is for people to hack. Chris recommended using a Password Management tool like LastPass to keep track of your passwords. I like the system of using a long phrase that you can easily remember and changing the letter ‘e’ for the number ‘3’ and the letter ‘a’ for the number ‘4’ and similar.
Also avoid using “admin” as your WordPress login user name.
7. Have Search Console (formerly Webmaster Tools) installed
This free Google tool can alert you if your website is down or has been hacked.
Understand how often your website is backed up and updated
Reinforcing the information above, WordPress backups and updates are important!
If you’re not aware of how or if this happens for your website, check with the person who set your website up for you. Given the importance in relation to keeping your website secure, if backups and updates aren’t happening regularly, get a plan in place to change that situation!
My web hosting company (WP Engine) looks after daily backup and WordPress updates as part of their package, which is a great option if you’d prefer not to get involved with this aspect of your website. Check if your web hosting offers something similar.
I recommend contacting Tessa Needham of WP Super Geek who offers an affordable, reliable service for all things WordPress, big or small.
Stay Up-to-Date by Attending WordPress User Meetups
I’m so impressed by the quality information that is shared during the Melbourne WordPress MeetUps. As well as Chris’ presentation, Amelia Briscoe covered .htaccess and Tristan Penman covered an Introduction to SSL, both of which were also full of high quality, informative and important information.
I always learn new and valuable things and recommend joining if you want to keep up with all things WordPress and be able to ask your questions directly to WordPress experts.
If you’re not in Melbourne, search meetup.com to find out if there are relevant groups in your city.
Until next time
Melinda aka Mel is a Premier Google Partner, AdWords & Analytics Consultant, Speaker and Trainer and co-owner of Click-Winning Content. Mel provides results-driven services to Australian businesses and is committed to never using an acronym without explaining it first. She also likes grand slam tennis, cracked pepper and Melbourne sunsets.