When it Comes to WordPress Security, Preventative Action Is Better Than “Too Late” Action
Regardless of platform, websites are constantly under attack. While WordPress is considered quite secure, there are still things that can be done to prevent attacks. WordPress security doesn’t have to be complicated, and a few basic steps can save a lot of headaches.
Login: Admin Password: Password (or admin)
Creating a complex password and a unique username is a necessity and part of the basics of WordPress security. We use Wordfence to monitor our sites, and it is alarming how many hackers try logging in with “admin” and “password.” It is shocking how few people take password complexity seriously. Having a poor username and password is basically like shutting the door to your house but not really locking it. Your website appears secure, but the lock on the door is so common that many people could break in. Read more about complex passwords here.
This doesn’t apply to just your website, either. Reusing passwords and having weak passwords gives the same faulty lock situation to bank accounts and email accounts. Password management can become tricky. If you need help, check out Dashlane. They also tell you what passwords could have been compromised and what platforms have had password leaks (such as the Yahoo leak). Also, Dashlane rates the strength of your passwords.
The Yahoo breach is a perfect example of why you should not reuse passwords. Let’s say your username is “firstname.lastname@example.org” and your email password is “dslkfjw823hds09d.” You decide to use that email address and that same email password for your WordPress login. Not only is your email compromised, so is your WordPress site.
Updating Your Plugins (And WordPress)
Similar to keeping your operating system updated to patch security holes, WordPress and plugins should always be up to date. Hackers get smarter every day. They find new ways around new security measures, and developers are striving to keep WordPress secure. Good plugins will have good developers testing their plugins with the latest version of WordPress. Some plugins get abandoned and no longer work correctly with WordPress. These outdated plugins pose security threats to your websites. Not all plugins update automatically, so make sure you have the most up-to-date versions possible. For each plugin installed, the risk of security issues increases. (Besides, having an excessive number of plugins can mean slow site loading speeds, which can hurt your SEO score.) Also, be sure to read the reviews of all your plugins. If a plugin has caused a serious issue for a lot of sites, there will undoubtedly be comments about it.
As stated earlier, WordPress is always being developed and patched for security issues. Updating from 3.5 to 3.6 is a major update. You should be ready to fix any issues that may arise from broken code before updating. Researching the update is also recommended. However, smaller updates such as 3.5 to 3.5.2 are small but important. Such an update very well could be a patch for the latest wave of attacks going around.
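The major/minor distinction above can be turned into an update gate. The following Python code is an added example, not part of the original post: it sorts the core versions offered to a site into a minor release to apply right away and major releases to research first. The function names and the sample version list are constructed for illustration.

```python
import re

# Release versions look like "3.5" or "3.5.2"; betas and RCs do not match.
_RELEASE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch); "3.5" is treated as 3.5.0."""
    m = _RELEASE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a release version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def classify_update(installed, available):
    """Classify a core update the way the post does: 3.5 -> 3.6 is major,
    3.5 -> 3.5.2 is minor (same first two numbers, higher third number)."""
    cur, new = parse_version(installed), parse_version(available)
    if new == cur:
        return "current"
    if new < cur:
        return "downgrade"
    return "minor" if new[:2] == cur[:2] else "major"

def plan_updates(installed, offered):
    """Pick the newest minor release to apply now and list major releases
    that need research and testing before the site is updated."""
    plan = {"apply_now": None, "review_first": [], "skipped": []}
    minors = []
    for version in offered:
        try:
            kind = classify_update(installed, version)
        except ValueError:          # pre-release or malformed string
            plan["skipped"].append(version)
            continue
        if kind == "minor":
            minors.append(version)
        elif kind == "major":
            plan["review_first"].append(version)
        else:                       # already installed, or older
            plan["skipped"].append(version)
    if minors:
        plan["apply_now"] = max(minors, key=parse_version)
    plan["review_first"].sort(key=parse_version)
    return plan

if __name__ == "__main__":
    # Constructed sample: site on 3.5 with several versions on offer.
    print(plan_updates("3.5", ["3.5.1", "3.5.2", "3.6", "3.6-beta1", "3.4.2"]))
```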
Use A (Good) Security Plugin
These plugins do work that most people aren’t able to do themselves. They prevent unauthorized logins, scan for malicious website code, alert you to warnings and issues, and much more. We recommend Wordfence Security. As stated earlier, read the reviews and keep the plugin up to date, especially for this type of plugin. There is a team of developers constantly battling new types of attacks from hackers so that we don’t have to. However, security plugins like Wordfence require correct setup and configuration to work correctly. Monitor your plugin. See where hackers are trying to get in.
Pick A Reliable Hosting Company and Designer
If managing your WordPress site and all the security responsibilities that come with it isn’t your cup of tea, be sure to do research on who you select to take up this role. Cheaper isn’t better when you desperately need support but the tech support responses take days rather than minutes. A hacked website could mean loss of customers and can even affect customers by having your compromised website install viruses and malware on their computers. Your design and building team should be diligent about keeping your site up to date. Finally, know that things happen. Hacks happen to even the most reputable websites and hosting companies. Having a reliable team means the mess gets picked up even quicker.
Speaking of a reliable hosting company – contact us here or check out our maintenance plans if you need help with your WordPress site. We are dedicated to the security and quality of our clients’ websites.