What’s the best way to secure your WordPress website?
“How am I supposed to keep it safe from hackers and from accidental changes or deletions?”
If you have a WordPress blog or a website, you may be asking yourself those questions. If so, read on for some top tips for securing your WordPress blog or website.
Apart from any fancy modifications or security plugins, there are a few easy steps you can take within the next few minutes to make sure your WordPress website is secure.
The first things you can do are to only connect to WordPress on a secure WiFi connection, only use trusted plugins, and keep WordPress up to date.
Do you know that when you connect to a website using unsecured WiFi, which means airport WiFi, Starbucks WiFi or any public WiFi, anyone can see your username and password? That means when you connect via FTP or simply log into your WordPress dashboard, anyone can see exactly what your username and password are and log in themselves.
That’s why it’s very important to only connect to your WordPress site and to FTP if you have an SSL connection or you’re connecting over a cellular 3G network instead of WiFi. If you don’t know what any of those things are, then simply make it a point to only connect to FTP and WordPress from home instead of in public.
Next, only use plugins that you trust. Are you aware that any WordPress plugin, if it so chooses, can have access to your entire WordPress site? That means all of your users, all of your content and, most of the time, every single file on your website.
That is the reason why it’s very important that you only use WordPress plugins that you trust. Don’t go out and install 200, 300 plugins just because they all seem like they have cool features.
If a plugin is brand new and no one seems to be using it, that is not a good sign. It may be a Trojan Horse kind of plugin that someone has simply put out onto the internet in the hopes that someone else will install it on their website, and by installing it you give the hacker complete access to your files and your content.
Another very easy way to secure your WordPress website or blog is to keep WordPress up to date. People find security holes all the time, and WordPress is quick to fix those holes, but it does you no good unless you update your blog to the current version, which is safeguarded against most attacks.
Luckily the most current versions of WordPress have a single button you can click to update it, which means it downloads and installs the most recent version so you are now protected.
And don’t forget to back up your blog.
Top Tips to Secure your WordPress Website
Believe it or not, it doesn’t take a rocket scientist to keep your blog safe from most hackers. It just involves you taking a few simple steps and a few safeguards to make sure that you don’t have problems in the future.
Here are a few things you can do right now.
- Make sure all your WordPress usernames and passwords are strong.
- Keep your email secure.
- Block anyone else’s IP address in your backend cPanel.
- Install the Akismet anti-spam plugin.
You would be amazed and surprised at how many people use simple passwords such as their name, their pet’s name, or words like test or test1234 as the password to their WordPress blog. In fact, there are robots or spiders that comb the internet trying to find websites whose passwords are set to these simple names.
That means when you set up your WordPress account, don’t call it Admin; call it something that is non-standard, such as your name. And when you choose a password, make it something with at least one number, one uppercase letter or even one punctuation character to ensure that no one can guess it.
The next thing you should do is make sure that no one has access to your email account. It does you no good to have a strong WordPress password but a weak email password, because someone can always gain access to WordPress by using the lost password tool. This means if someone has access to your email account, they can use the lost password tool to reset your WordPress password and gain access to your website.
This means that you should secure your email, change your password regularly and be very careful whose computer and whose wireless network you use to check that email.
Now here’s a great thing that any paranoid webmaster can do: using your cPanel backend, you can in fact block access to what’s called the WP-Admin folder in your WordPress site.
Basically, you can go to a site such as WhatIsMyIP.com and it will show you a series of numbers. This number corresponds to you on the internet. You can in fact block everyone on the internet from accessing your WP-Admin folder, your administrator dashboard, and then only allow this specific IP address that is yours to access it.
This means that even if someone happens to have your WordPress password, even if you have a weak password, you are the only person who can log in to that backend.
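What that cPanel restriction amounts to on an Apache host, as an added example that is not configuration from the original article. It assumes Apache 2.4 with .htaccess overrides enabled, and 203.0.113.10 is a placeholder for your own address. It also covers two details the steps above do not mention: the login form, wp-login.php, sits in the site root rather than in the WP-Admin folder, and wp-admin/admin-ajax.php is requested by visitors' browsers when themes or plugins use front-end AJAX.

```apache
# ---- File 1: wp-admin/.htaccess ------------------------------------
# Allow the dashboard only from one address.
# 203.0.113.10 is a placeholder (documentation range); replace it
# with the address an IP lookup site shows for your connection.
Require ip 203.0.113.10

# Themes and plugins call admin-ajax.php from visitors' browsers,
# so it has to stay reachable or front-end features stop working.
# A <Files> section is merged after the directory-level rule and,
# with the default AuthMerging Off, replaces it for this one file.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: .htaccess in the site root ----------------------------
# The login form lives outside wp-admin, so restrict it separately.
# Put this above the "# BEGIN WordPress" block so WordPress does not
# overwrite it when it regenerates its rewrite rules.
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>
```

Home and mobile connections often get a new address from the provider, so keep cPanel's file manager available as the way to update the rule if you lock yourself out.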
And finally, one thing that every blog owner who enables comments on their blog should do is use what is called the Akismet anti-spam plugin.
What this does is check any new comments coming to your blog for spam. If you don’t have a plugin like this, your blog will at some point be flooded with thousands and thousands of spam comments, filling your site with all kinds of nasty links and garbage. Install the Akismet anti-spam plugin or turn off comments entirely, and that will help keep your blog from being spammed to death.
Those are some very simple tips to help secure your WordPress website/blog. Use strong passwords, secure your email, block the WP-Admin IP addresses except for yours in cPanel, and use the Akismet anti-spam plugin.
And you should definitely back up, clone and protect your WordPress blog right now by going to http://backupcreator.com/bc/?e=entrepreneur.