WordPress Security: 10 Tips For Keeping Your Site Secure
This post I answer the important question ‘How do WordPress websites get hacked?’ and I provide 10 tips on how to keep your WordPress site safe.
How do WordPress websites get hacked?
The vast majority of sites being hacked are not hacked by some human siting in a dark room wearing a hoodie. Majority of hacks are automated and are conducted by computer programs (also referred to as bots).
- 41% get hacked through vulnerabilities in their hosting platform
- 29% by means of an insecure theme
- 22% via a vulnerable plugin
- 8% because of weak passwords
This concludes that the vast majority of site hacks are being caused by compromised hosting platforms, vulnerable themes, insecure plugins or due to weak passwords.
Another thing to understand is that hacking into a site by guessing a password is also not done by a human. Most password hacks are called brute force hacks, which means that an automated program (or a bot) identifies your login page and tries logging in with different combinations of username and passwords. A bot can cycle through thousands and millions of combinations within a very short space of time.
Now that we know what causes most hacks, I'd like to share with you what we can do about preventing these hacks.
How To Keep Your Site Safe
I’ll share 10 recommendations that will help you keep your site safe.
1. Choose A High-Quality Hosting Provider
Posmay Media offers Concierge WordPress Hosting Plans that include free WordPress maintenance. We take care of all the technicalities on your behalf, so you can focus on growing your business.
If you prefer managing your own hosting, then we recommend Dreamhost (if you're just getting started) or WPX Hosting (if you need more advanced hosting).
2. Perform Regular Backups
This cannot me understated! Make sure to have a backup strategy in place. There are multiple options for creating reliable and automated backups of your WordPress site. We use and recommend the All-In-One-Migration plugin together with Dropbox cloud storage.
3. Fortify Your Login
Strengthen your login by implementing the following steps:
1. Always use strong passwords for all accounts — https://strongpasswordgenerator.com/
2. Keep passwords safe — Store them in a secure place, like a password manager app
3. Avoid using the default admin username for any accounts
4. Force strong passwords — make it compulsory for all users to use strong passwords
5. Limit login attempts
4. Add SALTs To wp-config.php
Make sure to add these random strings to your wp-config file to add another layer of protection. Dreamhost's One-Click installer adds unique SALT's automatically.
5. Set A Unique Table Prefix
Make sure to set a unique table prefix to your MySQL database when installing WordPress. Dreamhost's One-Click installer adds a unique table prefix automatically.
6. Keep WordPress Up To Date
Conduct regularly WordPress maintenance and keep your WordPress core files updated. Before updating, always create a backup in case something goes wrong.
7. Use Premium Themes and Plugins
Always make use of premium themes and plugins that are reliable and maintained. There are endless free themes and plugins available online, but many of them are not updated and can introduce unwanted security risks to your site.
We use and recommend Thrive Themes, as they have a great toolbox of themes and plugins to help you optimise your site for conversions.
8. Keep Themes and Plugins Updated
As part of your regular WordPress maintenance, make sure to keep all your themes and plugins updated.
If WordPress maintenance is something you'd like to outsource, consider our Managed WordPress Hosting Plans that incl. free minimal WordPress maintenance.
9. Keep Your Computer Clean
Keep your computers operating system updated and uninfected. Avoid any software that may compromise your system including Malware and Viruses.
10. Stay informed and up to date.
Keep yourself informed with regards to WordPress developments. At times critical security breaches get announced or a new update needs to be applied. Whoever is in charge of managing your website(s) needs to stay in formed.
Get the Posmay Media Newsletter
Weekly insights & the latest content straight to your inbox.