WordPress has become an integral part of content creation, no doubt. Lauded as one of the simplest and most powerful content management systems, it’s no wonder 23% of the sites on the Web (as of February 2015) are built with it.
But as with any open source tool, there are a number of risks that come with using it. As someone with a website (or someone seeking to build one), your top priority should always be to protect your information. After all, what’s the point of putting in all of that work just to have it cracked, ripped, or outright destroyed?
WordPress security should always be first and foremost on your mind when using it to build a site. To help, we’ve detailed below what we consider to be the most essential tips for keeping your WordPress security up to snuff.
Use Unique Passwords
Your password is the best line of defense when dealing with hackers, so avoid using common or simple words. Your cat might have a cute name that’s easy to remember—let’s say, Snuffles—but proper nouns and names are extremely vulnerable to brute force hacking methods.
A name might seem unique to you, but anyone can leverage common sense or information gleaned from your social media accounts to guess that it’s your password. So you might need to forsake your “Ashley” and “Cameron” passwords and start throwing some odd capitalization, numbers, or symbols in there.
“Snuffles” can’t protect you, but “5nUfl3z” sure can.
And while we’re on the topic of the login process, do consider using a two-step authentication process. There are plugins available that will allow you to enable this quickly and easily. As we’ve mentioned before, it can make all the difference in the safety of any of your accounts.
Keep Up With Updates
One of the major objectives of updates is to address any recent changes in security. If WordPress puts out an update, it’s likely they are fixing a security issue or amending a weakness.
We know it’s easy to get lazy and ignore that update notification, but it’s in your best interest to suck it up and give it a click.
Not staying up-to-date is a very lazy way to get nailed with some hacking action—and trust us, it’s not fun. Keep in mind that the older the version of WordPress you're using, the easier it is for hackers to know which security holes to exploit. Ensure your plugins and themes are getting some update attention as well, and you’re well on your way to keeping your WordPress security game tight.
Keep It Clean
Make sure you are operating from a clean source. By that, we mean your computer. All of the online security and fancy passwords in the world won’t save you if you’ve got a keylogging virus.
Keep a proven and effective anti-virus and anti-malware system on your computer. Do some research. Look at user and product reviews to determine what system works best for you. In consideration of your overall security, avoid free or cheap services. Saving yourself a buck is going to be a painful excuse if you lose all of your work to malicious online activity.
For this same reason, you should also avoid updating or working on your WordPress site from unsecure locations. PCs or networks that aren’t yours cannot be trusted.
You Are Not Your Admin
We’d be remiss to not bring this one up. WordPress was subject to a massive brute force attack not too long ago, and all users still using the default name of “admin” were targeted. By using batch passwords, a lot of accounts were compromised.
From WordPress 3.0 forward, this has been addressed and your username can now be made unique by altering your user account. Do it.
Back That Thing Up
It’s a pain, it takes too much time, or “I can’t be bothered.” We get it. Making a backup of all of your files is tedious and time consuming, but it cannot be overstated that this is one of the absolute necessities in consideration to your WordPress security.
While not being a “security measure” in and of itself, backing up your database and files ensures that if something goes wrong, you don’t lose all of your hard work. If it comes to the worst, keeping consistent backups give you a leg up on recovery, getting your site back up and running as soon as possible.
The best thing about all of these tips is they are easy. None of this stuff is going to take you more than a few minutes, and it will go a long, long way toward beefing up your WordPress security. And if, at the end of the day, the risks seem too great, consider something more robust like a custom CMS.