There are now many options for a casual user to create a website. One of the most popular is the WordPress platform. It offers a wide range of themes to meet all requirements and provides many add-ons increasing the functionality of sites.
There are, however, some concerns about the security of websites built on the WordPress platform, particularly for e-commerce and business websites. Each week Google blacklists about 50 000 sites as phishing sites and 20 000 sites for distributing malware. Fortunately, there are ways and means to reduce the WordPress security risk considerably.
Here are some of the techniques used to increase WordPress security.
The first thing to do is to make sure that your WordPress installation is up to date. WordPress can automatically install minor updates (if you choose to), but you may need to manually initiate major updates. If you are using themes and plugins from third parties, make sure that these are also up to date.
Application of the updates is essential to make sure that your site is protected against the latest threats, and that it maintains its stability. Make it a regular chore to check for updates of both the base WordPress and any themes and plugins you use. Delete any plugins or themes you no longer use.
The next area where WordPress security needs scrutiny is that of site security. Most hacks are perpetrated using stolen passwords. You must secure access to the admin area of your site, as well as FTP accounts, database accounts and any hosting passwords: in short, any access credentials for your site or its supporting environment.
Use strong passwords. They should be at least 10 characters long, a mixture of upper and lower case characters, special characters and numbers. If making up and remembering a password of this type worries you, there are applications that will generate them for you and store them in a secure password vault.
Don’t give anyone access to the admin account unless they absolutely must have it. Keep it highly secure. It’s a no-brainer, but change the default admin username and password. Lots of people don’t. Maintain your WordPress user lists and make sure the associated security levels are appropriate. It may be wise to install two-step authentication. A further step is to limit login attempts, because many hacks use brute-force attempts to find out passwords.
Find a good hosting provider
The next place to look is at your hosting provider if you have one. Make sure that your provider has, and applies, security measures that will minimise the potential for attacks on your site. A good hosting provider will have no issues in explaining their security policies to you and allowing you to test them from time to time.
Some industry pundits say that the only secure site is the one that hasn’t been hacked yet. At some point, it is inevitable that your site will suffer an attempted or real hack. Most WordPress users don’t think about backups, but you will need one if your site is hacked and you need to reinstall a clean version. There are plugins to help with the process and to make sure you back up all that is needed for a successful restore. Do it on a regular schedule and keep to it. Always back up before applying a major WP upgrade. The upgrade may not be compatible with your themes or plugins and could bring your site down.
Don’t put your backup on the same hosting provider as your website. Use Dropbox or some other cloud-based service.
All the suggestions outlined above don’t need programming, but if you feel a bit of a whizz at file editing or PHP programming there are many more tweaks and edits that will increase the security of your WordPress site.
To summarise, WordPress security needs careful and continual attention. Basically, all you are trying to do is make the hacker think that the return they will get from expending the time and effort needed to hack into your site is not worth it, and they will move on to someone else’s site.