Keep your WordPress website secure and safe from hackers
Safety for your website is crucial. If your site is down, hacked or not working properly, your will most likely suffer from having worse search results on Google, which will reduce that amount of visitors to your website and hurt your bottom line in the end.
To make sure your website is always safe and secure, here are a few simple tips to take care of.
- Disable the WordPress Editor
- Do not use admin as username
- Use strong passwords
- Keep plugins, themes and WordPress up to date
- Regular file scans
Disable the WordPress Editor
This should be the first thing you do on a new WordPress installation or just in general. Keeping the WordPress Editor live will give hackers access to edit the files on your WordPress installation where they can inject code you don’t want on your site.
The editor can be disabled by adding a small price of code to the wp-config.php file. This can be done using FTP to connect to your websites files or using Sucuri security plugin.
define('DISALLOW_FILE_EDIT', true);
Add the code above before the line /* That’s all, stop editing! Happy publishing. */
Save the file and reupload it, anad that’s it.
Do not use admin as username
The username admin is the first username that bots will try when they try to gain access to your website. Best not to use this username at all.
The best username is something that can’t be guessed, kind of like a strong password, the more cryptic the better, but a simple username will work as well, as long as it’s not admin.
Use strong passwords
Using strong passwords is a must. Using passwords like “password”, “1234”, abcd1234″ etc. won’t work as they will be easy to hack. Make sure it’s at least 10-12 characters, using both small and large letters as well as symbols and numbers. E.g. pwf9#%$!*q
I can recommend getting a password generator App to use to generate passwords, or using one of the many Password services, like LastPass etc. which stores your logins and helps you login more easily and faster as well, then you only have to remember 1 main login for this service.
Keep plugins, themes and WordPress up to date
Keeping all plugins, themes and WordPress itself up to date is crucial as any security errors in plugins are regularly discovered, hackers will use these to gain access to your site. Keeping up to date on the latest versions is a way to stop hackers using this route. Most of the times updates of course contains new functions, bug fixes and improvements, but from time to time there are security flaws discovered and a fix will be released for you to update. This can happend in plugins as well as themes and WordPress itself.
SiteWhiz.co can help you with these updates and making sure things are up to date regularly. Check out our WordPress Maintenance Plans here.
Regular file scans
Scanning your files for malware, harmful code, errors are important to make sure your site is safe and secure. Any issues spotted and you will be notified about this and can take action to fix the issue.
On your local site a plugin like Wordfence does the trick very nicely. Also optimizing your setup with Sucuri makes it easy to secure your upload folders, wp-content folder etc to not run PHP code in the wrong place.
Unsure on how to do all this, ask for our help. Our SiteWhiz.co WordPress Sitecare plans helps take care of this as we scan all files daily and fix issues right away, so you don’t have to yourself.