Did you know over 100,000 websites are hacked daily? That’s right, cybercrime is a serious threat to any company, and anyone with a WordPress site is at risk too. I have had a run-in with hackers (and had to recover my WordPress site), and you probably know it was ugly.
Hackers are actively looking for vulnerable websites to break into and steal data that they can release for monetary gain or pure malicious intent. To protect yourself and your precious site, you should seriously contemplate hardening your WordPress security.
Considering you will lose revenue, time, and effort when hackers break into your website, we’ve created the following security checklist that you can use to secure your WordPress website. All the security items in the post are relatively easy to implement even for first-timers:
- Update WordPress
- Update Themes & Plugins
- Use Unique & Strong Passwords
- Install a WordPress Security Plugin
- Choose Great WordPress Hosting
- Use SSL (HTTPS)
- Create a Full Site Backup
- Use a Web Application Firewall (WAF)
- Disable File Editing in WordPress Admin
- Secure Your Login Page
- Add Authentication
- Log Out Inactive Users
- Scan for Malware & Issues
- Use a VPN
As you can see, we will break the post into multiple parts covering everything from choosing a secure host to hardening your admin area and more. You will need to repeat some security tasks, such as updating your themes regularly. Other tasks are a one-off thing, but still have a significant impact on keeping your site secure. Check what you need to fix, and do it right away because hackers don’t waste time either.
1. Update WordPress
WordPress core is regularly audited and checked for security vulnerabilities. If security flaws and bugs are detected, core developers usually release maintenance updates. Minor updates are installed on your WordPress website automatically.
You will, however, need to update WordPress manually for all major releases. It’s a relatively straightforward process since you get a nagging message in your WordPress admin. Only 22% of websites run on the latest version of WordPress, which is sad considering how easy it is to update.
Don’t be in the remaining 78% since you’re essentially exposing your site to all manner of attacks by not updating your website. Usually, hackers are the first group of people to learn about any vulnerabilities in old versions, since they count on the flaws to launch successful attacks.
Before you update WordPress, we recommend reading the release notes to see what’s changed and taking a backup of your website (just to be safe). This way you know what to expect when you click that update button, and you have a failsafe should anything go awry.
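The backup-then-update routine described above, scripted with WP-CLI as an added example (not code from the original article). It assumes `wp` is installed and run from the site root, that `BACKUP_DIR` sits outside the site root, and the function names and backup location are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: classify a pending WordPress core update, back up, then update.
# Assumption: BACKUP_DIR is a hypothetical path located outside the site root.
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"

# WordPress numbers major releases X.Y and maintenance releases X.Y.Z, so two
# versions are on the same branch when their first two components match.
branch_of() {
  printf '%s\n' "$1" | cut -d. -f1,2
}

# Prints "none", "minor" (same branch, normally installed automatically) or
# "major" (new branch, needs a manual update).
update_kind() {
  if [ -z "$2" ] || [ "$1" = "$2" ]; then
    echo none
  elif [ "$(branch_of "$1")" = "$(branch_of "$2")" ]; then
    echo minor
  else
    echo major
  fi
}

safe_core_update() {
  current="$(wp core version)" || return 1
  # Keep only version-looking lines (WP-CLI prints a status message when the
  # site is current) and pick the highest version on offer.
  target="$(wp core check-update --field=version \
    | grep -E '^[0-9]+(\.[0-9]+)+$' | sort -V | tail -n 1)"
  kind="$(update_kind "$current" "$target")"
  if [ "$kind" = none ]; then
    echo "WordPress $current is up to date"
    return 0
  fi
  echo "Pending $kind update: $current -> $target (read the release notes first)"

  stamp="$(date +%Y%m%d-%H%M%S)"
  mkdir -p "$BACKUP_DIR" || return 1
  # Back up the database and files first; abort the update if either fails.
  wp db export "$BACKUP_DIR/db-$stamp.sql" || return 1
  tar -czf "$BACKUP_DIR/files-$stamp.tar.gz" . || return 1
  wp core update --version="$target"
}

# Nothing is changed unless the script is invoked as: ./update.sh --run
if [ "${1:-}" = "--run" ]; then safe_core_update; fi
```

Keep the backup directory out of the web root so the database dump cannot be downloaded from the site.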
2. Update Themes & Plugins
While updating the WordPress core, don’t forget to update your themes and plugins
This article was written by Freddy and originally published on WPExplorer.