Keeping Your WordPress Site Secure

November 3, 2014 | Plugins, Security

If you work with websites then you’re well aware of the necessity of keeping your sites up to date and secure. 2014 has been a record year for malicious hacks when it comes to the wide world of the web. It seems every other day we’re reading about another major business or retailer whose site has been compromised.

Whether you’re maintaining a massive site for a globally recognized brand or a local homegrown shop, you need to implement basic security practices to minimize your vulnerability.

It was only a short time ago that I came across an article at WP Explorer: “Is Your WordPress Site Secure? 10 Things to Look For.” Tom Ewer lists ten common-sense security points you should be aware of when it comes to your WordPress installations.

If you would like to see how you can manually implement the protections Tom describes, then jump on over to his post and take a look at his examples. I would like to give you a quick description of each of these points before offering up some recommended plugins that automagically do this for you.

  • Limit your dashboard accessibility
    • Whitelist your IP (Caveat: you always need to access your dashboard from the same IP)
  • Block directory browsing
    • You can make the contents of selected folders hidden from the public at large.
  • Remove WordPress version information
    • Of course it’s useful to know what WordPress version you’re on, but know that WordPress publishes the flaws and security holes of outdated versions. If your WP installation is out of date and that information is available to the world at large, you’re only making it easier to be compromised.
  • Evaluate your username and password
    • Never use Admin as your Username. Make those passwords difficult. You’ve heard this time and again. Nothing stings more than knowing you dropped the ball when evaluating why your site got hacked.
  • Perform regular site backups
    • There are a TON of plugins out there that will do the hard work for you. Sometimes things go wrong that have nothing to do with malicious hackers or injections. Best to always have a recent backup of your sites.
  • Keep your site up to date
    • WordPress is on a fast track schedule when it comes to updates. Like I mentioned above, WordPress publishes the flaws and security holes of outdated versions. Stay up to date!
  • Pick secure themes
    • This requires you to do some homework. Read up on themes, check out the comments and reviews. Check and make sure the theme is being actively maintained. You’ll thank yourself in more ways than just security!
  • Pick secure plugins
    • See above. The same applies with plugins.
  • Protect your files
    • You can do it manually, or just see my recommendations below.
  • Pick the right hosting provider
    • There are lots of choices, so research hosting providers. Check out reviews, recommendations, and what the hosting provider offers.
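
To check whether the first three points actually took effect, you can look at what your site returns to an outside visitor. The script below is an added example, not code from this post or from Tom's article: `HeadScan` and `audit` are hypothetical names, the sample responses are constructed, and it assumes you fetched the pages from an IP that is not on your dashboard whitelist.

```python
import re
from html.parser import HTMLParser

class HeadScan(HTMLParser):
    """Collects the <title> text and the generator <meta> tag of a page."""
    def __init__(self):
        super().__init__()
        self.generator, self.title, self._in_title = "", "", False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content") or ""
        elif tag == "title":
            self._in_title = True
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit(responses):
    """responses: (path, status, body) tuples fetched from an IP that is
    NOT on the dashboard whitelist. Returns a sorted list of findings."""
    findings = []
    for path, status, body in responses:
        if status != 200:
            continue  # blocked or missing: nothing exposed at this path
        scan = HeadScan()
        scan.feed(body)
        version = re.search(r"WordPress\s+([\d.]+)", scan.generator)
        if version:
            findings.append(f"{path}: WordPress version {version.group(1)} disclosed")
        if scan.title.strip().startswith("Index of /"):  # server auto-index page
            findings.append(f"{path}: directory browsing enabled")
        if path.startswith(("/wp-login.php", "/wp-admin")):
            findings.append(f"{path}: dashboard login reachable from outside")
    return sorted(findings)

# Constructed sample responses (not captured from a real site).
BEFORE = [
    ("/", 200, '<title>Shop</title><meta name="generator" content="WordPress 4.0" />'),
    ("/wp-content/uploads/", 200, "<title>Index of /wp-content/uploads</title>"),
    ("/wp-login.php", 200, "<title>Log In</title>"),
]
AFTER = [
    ("/", 200, "<title>Shop</title>"),
    ("/wp-content/uploads/", 403, "Forbidden"),
    ("/wp-login.php", 403, "Forbidden"),
]
```

An empty list from `audit` means none of the three exposures showed up in the responses you gave it; it says nothing about the other seven points.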

So you checked out the points, jumped over to Tom’s article and examples and you just don’t feel comfortable messing with those files. No worries. These plugins will do just about everything mentioned above and they come with both Free and Pro versions.

  • iThemes Security: Over thirty ways to harden your site. They break down your existing vulnerabilities right in the dashboard and offer simple, one-click solutions for locking your site down.
  • Sucuri: Built-in auditing, malware scanner, and security hardening.
  • Wordfence: Malware scanning, site hardening, and more.

The Wrap

Keeping your site secure is of the utmost importance. It seems every other day there is a new vulnerability compromising sites across the internet. While implementing security measures on your WordPress installations may seem daunting, it doesn’t have to be. You can manually implement security measures to limit a malicious hacker’s field of attack, or you can implement a common set of security plugins designed specifically for your WordPress installations.