Web Design, Programming, and Business

Keeping Your WordPress Site Secure

If you work with websites then you’re well aware of the necessity of keeping your sites up to date and secure. 2014 has been a record year for malicious hacks when it comes to the wide world of the web. It seems every other day we’re reading about another major business or retailer whose site has been compromised.

Whether you’re maintaining a massive site for a globally recognized brand or a local, homegrown shop, you need to implement basic security practices to minimize your vulnerability.

It was only a short time ago that I came across an article at WP Explorer: “Is Your WordPress Site Secure? 10 Things to Look For.” In it, Tom Ewer lists ten common-sense security points you should be aware of when it comes to your WordPress installations.

If you would like to see how you can manually implement the protections Tom describes, then jump on over to his post and take a look at his examples. I would like to give you a quick description of each of these points before offering up some recommended plugins that automagically do this for you.

  • Limit your dashboard accessibility
    • Whitelist your IP address (Caveat: you always need to access your dashboard from the same IP)
  • Block directory browsing
    • You can make the contents of selected folders hidden from the public at large.
  • Remove WordPress version information
    • Of course it’s useful to know what WordPress version you’re on, but know that WordPress publishes the flaws and security holes of outdated versions. If your WP installation is out of date and that information is available to the world at large, you’re only making it easier to be compromised.
  • Evaluate your username and password
    • Never use “Admin” as your username. Make those passwords difficult. You’ve heard this time and again. Nothing stings more than knowing you dropped the ball when evaluating why your site got hacked.
  • Perform regular site backups
    • There are a TON of plugins out there that will do the hard work for you. Sometimes things go wrong that have nothing to do with malicious hackers or injections. Best to always have a recent backup of your sites.
  • Keep your site up to date
    • WordPress is on a fast track schedule when it comes to updates. Like I mentioned above, WordPress publishes the flaws and security holes of outdated versions. Stay up to date!
  • Pick secure themes
    • This requires you to do some homework. Read up on themes, check out the comments and reviews. Check and make sure the theme is being actively maintained. You’ll thank yourself in more ways than just security!
  • Pick secure plugins
    • See above. The same applies with plugins.
  • Protect your files
    • You can do it manually, or just see my recommendations below.
  • Pick the right hosting provider
    • There are lots of choices, so research hosting providers. Check out reviews, recommendations, and what the hosting provider offers.
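
To check whether two of the points above (version information and directory browsing) are actually in effect on your own site, you can inspect the pages it serves. The following is an added example, not code from Tom's article or from any plugin; the sample responses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample response bodies (not captured from a real site).
SAMPLE_HOME = """<html><head>
<meta name="generator" content="WordPress 4.0.1" />
<link rel="stylesheet" href="/wp-content/themes/demo/style.css?ver=4.0.1" />
</head><body>Hello</body></html>"""
SAMPLE_UPLOADS = """<html><head><title>Index of /wp-content/uploads</title></head>
<body><h1>Index of /wp-content/uploads</h1><a href="2014/">2014/</a></body></html>"""
SAMPLE_HARDENED = "<html><head><title>Shop</title></head><body>Hello</body></html>"

# The generator meta tag WordPress adds to the page head by default.
GENERATOR_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s*([\d.]+)', re.I)
# ?ver= on script/style URLs; may be a plugin or theme version, so treat as a candidate.
ASSET_VER_RE = re.compile(r'[?&]ver=(\d+(?:\.\d+)+)')
# Title of a server-generated directory index.
LISTING_RE = re.compile(r'<title>\s*Index of\s+/', re.I)

def leaked_versions(html):
    """Return version strings exposed by the generator tag or ?ver= asset URLs."""
    found = set(GENERATOR_RE.findall(html))
    found.update(ASSET_VER_RE.findall(html))
    return sorted(found)

def directory_listing_enabled(html):
    """True when a response body looks like a server-generated directory index."""
    return bool(LISTING_RE.search(html))

def audit(pages):
    """pages maps URL path -> response body. Returns a list of (path, finding)."""
    findings = []
    for path, body in pages.items():
        for version in leaked_versions(body):
            findings.append((path, f"version string exposed: {version}"))
        if directory_listing_enabled(body):
            findings.append((path, "directory browsing enabled"))
    return findings

if __name__ == "__main__":
    pages = {"/": SAMPLE_HOME, "/wp-content/uploads/": SAMPLE_UPLOADS}
    for path, finding in audit(pages):
        print(path, "->", finding)
```
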

So you checked out the points, jumped over to Tom’s article and examples and you just don’t feel comfortable messing with those files. No worries. These plugins will do just about everything mentioned above and they come with both Free and Pro versions.

  • iThemes Security: Over thirty ways to harden your site. They break down your existing vulnerabilities right in the dashboard and offer simple, one-click solutions for locking your site down.
  • Sucuri: Built in auditing, Malware scanner and security hardening.
  • Wordfence: Malware scanning, site hardening, and more.

The Wrap

Keeping your site secure is of the utmost importance. It seems every other day there is a new vulnerability compromising sites across the internet. While implementing security measures on your WordPress installations may seem daunting, it doesn’t have to be. You can manually implement security measures to limit a malicious hacker’s field of attack, or you can implement a common set of security plugins designed specifically for your WordPress installations.

About the author

Aaron Day

Professionally building websites since 2002, I've worked at Microsoft, multiple agencies, and a few web design businesses of my own, including White Whale Web, a Boise-based web development agency. Previously, I was an owner of Thrive Web Designs from 2015 to 2022. I've taught classes, run design groups and even ran a benefit auction for 4 years in my free time. I love sharing and giving back to the web/creative community.
