The last thing you want to find when logging into your WordPress website is that something went wrong. Whether you can’t log in, a virus has appeared, or your data has been deleted, it can make for a pretty awful day.
Krista here! I know that security isn’t the most exciting subject, but what would happen if your website was hacked?
It’s always good to have a plan, but I don’t want you to worry about those things. Today we’ll go through some quick ways to boost your WordPress website’s security. And trust me, taking a few minutes now to avoid a hacked site later is totally worth it.
1. Use a good web host
When it comes to your hosting, cheaper is rarely better. Hosts have a large part to play in the security of your website. If your host isn’t secure, neither is your data.
We’ve used several different hosting companies throughout our years of blogging and we’ve currently settled on Siteground. From what we’ve seen, security is great, everything is easy to use, and customer service is ready to help.
2. Use a strong username and password
The top cause of WordPress websites being hacked is weak usernames and passwords.
Let’s tackle usernames first. If your username is anything other than “admin”, you’re good to go for the most part. However, you also want to do a quick check to make sure the “admin” username isn’t active by going to Users > All Users. The first column on that page is where you should look for the “admin” username. If it’s the current username you’re logged in with, don’t panic, but take a look through this tutorial and follow the steps to delete it. If you’re not logged in with the “admin” username, but it does exist, you can simply delete it.
Next comes passwords. If your password is a pronounceable word followed by an exclamation point or a couple of numbers, it’s time for a new one. A secure password consists of uppercase and lowercase letters, numbers, and symbols. That does make it hard to remember, but with a tool like LastPass you don’t have to.
To change your password, go to Users > Your Profile and scroll down to the Account Management section. From there, click Generate Password, save the new password that appears, and save your account changes.
3. Install updates
When you see those little orange numbers next to your Plugins or Updates menu items, it’s important to click through and get them taken care of. Vulnerabilities in themes and plugins are often the reason for an update and it’s important that you get those improvements as soon as possible.
4. Use a security plugin
Having a plugin that monitors and protects your site from hacks, malware, and more is important and there are several options available. For our own site, we use iThemes Security but have also used Wordfence in the past. Both offer a firewall, blocking of invalid password attempts, security scanning, and more.
5. Perform regular backups
Last, but certainly not least, back up your site regularly.
There are many ways to do this through your host, plugins, or manual backups. Our favorite is BackupBuddy. Whatever you choose, be sure that you’re backing up regularly and that your backups work. I’ve heard stories of people saying their host claimed that they backed up their site weekly, but when it came time to need one of those backups they didn’t actually work.
Having a recent backup will ensure you never completely lose your website. With a little work, you’d be able to get a recent version back up and running in no time.
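One way to check that a backup actually works before you need it, as an added example (not from the original post or from any backup plugin): this Python script opens a backup zip, re-checks every file's checksum, and confirms the pieces a WordPress restore needs are there. The single-zip layout, the `verify_backup` and `make_sample` names, and the sample data are assumptions made for illustration.

```python
import io
import re
import zipfile

# Assumed layout (not from the post): one zip holding wp-config.php, a
# wp-content/ tree and at least one .sql dump that defines a *users table.
USERS_TABLE = re.compile(r"CREATE TABLE[^(;]*users", re.IGNORECASE)


def verify_backup(source):
    """Return a list of problems in a backup zip; an empty list means it passed."""
    try:
        with zipfile.ZipFile(source) as archive:
            corrupt = archive.testzip()  # re-reads every member, checks its CRC
            if corrupt is not None:
                return [f"corrupt member: {corrupt}"]
            names = archive.namelist()
            dumps = [n for n in names if n.lower().endswith(".sql")]
            has_users = any(
                USERS_TABLE.search(archive.read(n).decode("utf-8", "replace"))
                for n in dumps
            )
    except (zipfile.BadZipFile, OSError) as exc:
        # Truncated or half-uploaded archives end up here.
        return [f"archive cannot be read: {exc}"]
    problems = []
    if not any(n.split("/")[-1] == "wp-config.php" for n in names):
        problems.append("wp-config.php missing")
    if not any("wp-content/" in n for n in names):
        problems.append("wp-content/ missing")
    if not dumps:
        problems.append("no .sql database dump")
    elif not has_users:
        # An empty or schema-less dump is the classic "backup that never worked".
        problems.append("no users table in any database dump")
    return problems


def make_sample(files):
    """Build a constructed in-memory backup zip from {path: text}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, text in files.items():
            z.writestr(path, text)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = make_sample({"wp-config.php": "<?php", "db.sql": ""})  # constructed
    print(verify_backup(sample) or "backup passed")
```

Passing this check only shows the archive is readable and complete on paper; restoring it to a test site now and then is still the real proof.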
These tips aren’t worth much if you don’t take action. Like I said before, I know security isn’t the most fun part of running a website, but it’s one of the most important. Questions about one of the above steps or a tip you love that we missed? Let us know in the comments!
*This post contains a couple affiliate links for products/services we love and use ourselves.