7 Tips to Increase Wordpress Security
It happens to all of us sooner or later -- some hacker finds his way into your blog and wreaks havoc there, and you frantically look for solutions on how to increase Wordpress security. Unfortunately, that's alot like shutting the barn door after the horse has escaped.
Rather than being reactive, be proactive and increase your Wordpress security before you need to. If your entire business is online, you need to take steps today to ensure that your site is as well-protected as you can make it.
Here are 7 quick tips to increase your Wordpress security:
1. Use reputable host. Your web hosting service can make or break your business. Most of us use a shared hosting service because the cost is much more reasonable than dedicated hosting service. If you can afford it, the dedicated service is preferable, but for the rest of us, use a reputable hosting company that has been in business for awhile and is well-known. My recommended host is Bluehost. (link to bluehost.com/track/dgunter)
2. Keep Wordpress up-to-date. Keeping your Wordpress site updated with the newest versions of the software, your theme, and your installed plug-ins is a quick way to thwart any security vulnerabilities. Failing to regularly update your site makes your site just "asking" to be hacked. Since I have multiple web sites, I'm using WP Update Robot (link to WPUpdateRobot.firstname.lastname@example.org) to help me keep all of my sites updated.
3. Use secure passwords. The best passwords are nonsensical and have a combination of letters, numbers, and symbols. Changing your password regularly can also help. I keep all of my passwords secure using Roboform Everywhere, (link to roboform.com/php/land.php?affid=dgunt) which also contains a built-in password generator.
4. Change login name. If you are still using "admin" as your primary username, add a new administrator username and password immediately and then delete the admin user. Everyone who uses Wordpress knows that "admin" is the default username issued by Wordpress. Don't make the log-in process easy for hackers.
5. Remove excess plugins. If you have plugins that you're not currently using on your Wordpress installation, deactivate them and delete them. Ideally, the fewer plugins you use, the less vulnerable your site is, so in this case, less is more. However, if you're like me and try out new plugins constantly, have a process in place where you delete those that you don't choose to use.
6. Conduct regular site backups. Whether or not your site is breached, it pays to have backups to your site, just in case you break something on your site, or an update doesn't work as planned. I use Wordpress Twin (link to fladlien.infusionsoft.com/go/wptwin/dgunter ) and have purchased and installed the auto backup script for WP Twin to make the backups automatic and painless.
7. Kill comment spam. Comment spam is more than just a nuisance. Most comment spam is self-serving or promotional, However, lurking within comment spam might malicious links or spyware, unless you stop comment spam before it gets to you. Rather than trying to manually delete comment spam, use a plugin like Akismet (link to akismet.com/ ) or WP Spam-Free (link to polepositionmarketing.com/library/wp-spamfree/ ) to eliminate spam-comment headaches.
Don't wait until you've been hacked to worry about the security of your Wordpress blogs. Follow these simple steps to today to increase Wordpress security on all of your sites.