10 easy ways to increase your WordPress security
By Jamie Hoyles, Clook Internet Accounts ManagerI’ve recently encountered a number of people who have had their WordPress websites compromised due to the security of their install not being adequate. Lets have a look at 10 simple steps to take that will minimise WordPress vulnerabilities.
Use strong passwords
This is the starting point. No Password1, don’t use your name either! Ideally you should be using a mix of upper and lower case, numbers and special characters. Keep separate passwords for each of your log-ins and perhaps use a password manager such as LastPass or Keepass to keep them stored.Don’t share your password with others
Sounds simple but one that is often overlooked. It’s easy to create a new WordPress user, do this and keep on top of those with access to your site.Always implement WordPress updates as they are released
Notifications can be set so that you are informed of a WordPress update. Use these notifications to remember to implement updates and your site will be best protected against hacks and vulnerabilities.Update your plug-ins too
From the dashboard you will be reminded of any plugins that have an update available. It only takes a minute or so to update so make sure this happens.Activate theme updates when available
Similarly, an update to a theme is quick and easy to download. Do remember however that any changes you may have made to your theme’s template will be lost when doing so. If you do want to customise your theme then remember to create a Child Theme first.Disable and remove unused plugins
By removing unwanted plugins you will save yourself from attack and also free up space and resources on your server. If you have a plugin installed that’s not being used then get rid!Use managed WordPress hosting
Managed WordPress hosting may use scripts to automatically update your WordPress core. You will benefit from better speed and performance too.Restrict cPanel & FTP Access
Another route for attacks could be via FTP or cPanel – as you would keep your passwords and users secure you should implement this practice here too. By default, here at Clook we will only allow FTP connections from whitelisted IPs.Keep your local machine and software up to date
It seems common sense but remember to download important updates for your operating system and do not click on those emails that seem too be good to be true!Encrypt your internet connection
Make sure your home and office networks are encrypted. Data sent over an unencrypted connection may be intercepted and your details could then become public. Similarly, try to avoid connecting to your WordPress website using public wifi – you don’t know who’s ‘listening’.At Clook we recognise that attacks will happen and sometimes data can become compromised. We always work with the user to rectify any such attack with backups taken daily, weekly and monthly as standard across our hosting platforms.
