WordPress Security Tips


WordPress is the most popular and widely used content management system (CMS) out there. With that being said, WordPress has always had a bad rep when it comes to security. WordPress powers over 35.2% of all websites and with its ever-growing popularity, vulnerabilities and hacking attempts are also on the rise.

In this blog, I take you through my 5 top tips in preventing your site from being hacked!

1. Keep It Updated

WordPress is an open-source software which is regularly maintained and updated. Whilst minor updates are automatically installed, you will need to manually initiate the major updates that are released. There are thousands of Plugins & Themes on WordPress that you can install on your site which are created & maintained by 3rd party developers who regularly release updates. These too, require you to manually initiate the update. 

Did you know, 80% of WordPress websites that have been hacked, were running out of date versions of WordPress, Plugins or Themes? Allocating just 10 minutes per week to press the update button goes a long way!

2. Delete Unused Plugins

Plugins are a great way to customise, and add new functionality to your website and, with thousands to choose from, it’s easy to build up a hefty list of them! But, Plugins are a magnet for hackers, especially unused ones. 

A shocking 98% of WordPress vulnerabilities are related to Plugins. Taking the time to delete any unused plugins can significantly reduce the risk of your site being hacked! It’s also one less plugin to update!

3. Change your WP-login URL

For every website, the default login to WordPress, the address is “yoursite.com/wp-admin”. 

If we all know the default login URL, then hackers do too! This can lead to your website being targeted with attempts to crack your username and password. Changing the login URL or adding additional security questions, can help combat this.

4. Install A Security Plugin

I know, we were talking a lot about the vulnerabilities of using Plugins earlier BUT, security Plugins don’t count! They are a great way to secure your site and prevent it from being hacked. I suggest using the plugin Wordfence. Why? Well, it has been downloaded over 150 million times, and is consistently one of the top plugins for WordPress. It comes with a firewall which helps block bad traffic and, also provides a malware scanner which will identify any hacked or malicious files on your site. What’s not to love!

5. Use Cloudflare On Your Site

My 5th & final tip? Use Cloudflare!

Cloudflare is the biggest network operating on the Internet which helps block malicious bots, attackers, and suspicious crawlers whilst also protecting your site against Distributed Denial of Service (DDOS) attacks. 

It’s a great tool to use to prevent malicious traffic from even reaching your website! Not only can it help boost the speed of your website but, did I mention that you can get all of this for free?

Conclusion 

WordPress security is crucial. Maintaining your website security isn’t hard and can be done without spending a penny. If you don’t maintain your WordPress security, hackers can easily attack your site. All these tips can be implemented yourself, however, if you get stuck, I’m here to help! Get in touch & I’d be more than happy to help you out with improving the security of your site!

 

Nazrul Hoque – 01 June 2020