By Jesse Ocean  |   21st November 17

protect wordpress website

Top 10 Tips to Protect Your WordPress Site

Wordpress, whilst being an easy-to-use platform, is not without its security risks. Most people know that to login to your site, they need only put in /wp-admin/ or /wp-login.php/ in order to brute force (a term describing how hackers use a database of guessed passwords and usernames and force their way into the site). There are, however, several ways you can prevent this from happening.

Here are the top 10 tips to protect your WordPress website:

1. Limit login attempts

Limiting login attempts is the first and foremost thing you must do to ensure that your website is safe due to the aforementioned brute force attacks. By limiting login attempts from a particular IP address for a set period of time helps to decrease significantly the amount of unauthorised users and may buy you some time to block those IPs from ever entering your site.

2. Change URL to login page

Of course, the most obvious solution is sometimes the one that is most overlooked and this tip is going to help rectify it. By changing it from the default login URL to something that is unique and known only to you, then you will be able to limit the number of people who know what your login URL is. Here is handy guide from WordPress themselves on how to do so.

3. Limit users

Like limiting login attempts, limiting users on your WordPress website helps immensely to reduce the number of people (obviously) that have access to your site. Give credentials only to people you trust and ensure that you change their passwords frequently so that should they decide to “give” the account to someone else, your security is less likely to be compromised. Which brings us to our next point…

4. Change your password and username frequently

Another obvious point to take into consideration as while many people claim that this is the best practice, they never actually practice it. But you should. By changing both your password and username more frequently, you’re ensuring the security of the website and making it more difficult to guess what either/or credential is.

5. Update software, themes and plugins regularly

Keeping your core WordPress, themes and plugins regularly updates ensure that you have the latest patches and bug fixes that would otherwise make it easier for a hacker to enter your site. Also, checking for compatibility of your themes/plugins with your WordPress before installing is ideal, as it will not only run more smoothly but will keep your WordPress (relatively) hacker-free.

6. Use two-step verification

This is a common security step you see implemented not just on WordPress websites but many other applications as well. A two-step verification is defined by this site as: “an extra layer of security that is known as “multi-factor authentication” that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand – such as a physical token.” By having said item, unless the hacker is near you or has stolen it from you, it is nearly impossible to login to your account.

7. Logout idle users

There’s that saying that an idle mind is the devil’s workshop. They should upgrade that saying to note that an idle user is the devil’s advocate. Many a time it is these “idle” users that cause trouble. By logging them out after a set period of time, you will be able to prevent them from causing more trouble to your site.

8. Limit dashboard access

Of course, with great power comes great responsibility. Oftentimes, this power is abused for the greater evil. By limiting dashboard access to users that you need on board but don’t fully trust with the entire site, you’ll be keeping nasty hands and minds at bay. WordPress has many different levels of functionality for each user role and by setting unique roles with unique powers, you’re able to tell who did what, or at least, narrow that list down a lot if something goes horribly, horribly wrong.

9. Install a Firewall on your computer

Having an antivirus is not enough nowadays with hackers getting brighter and brighter and constantly stepping ahead of the game. Installing a powerful, paid firewall will do wonders for your WordPress site and your computer itself. Security should be your utmost priority and investing in a firewall will be one of the many important steps you can take towards securing your site.

10. Backup your site

Last but not least, the most important aspect of protecting your site against hackers. If all else fails (and before it does), you should constantly backup your website in order to prevent data loss, which is the single most thing that hackers look to disrupt when going after your sites. Keep it on as many secure places as possible, both digital and physical – and do it constantly; we cannot iterate how important it is for you to keep your website fully backed up.

Here at Ooze Studios, we are dedicated to ensuring the safety of your website. By following these tips, we hope that your site will stay safer and easier to use. Should you require any assistance with any part of your website, be it in the beginning, middle or end, you can contact us here and request for a quote. We’d be more than happy to help!

Leave a comment