WordPress security is something we have touched on in a previous article, and although that article covered some fundamentals, today’s post aims to take a deeper look so you can really ensure your site is as safe as it can be. It will run through the main factors you simply cannot ignore when running a site based on WordPress. Some may seem obvious, but prevention is better than cure, so following these rules will help keep you one step ahead.
Always Keep Your WordPress Version Up To Date
The first step to keeping your site in your own control is to ensure you're working with the best possible foundation (in this case, the core WP files themselves). It may seem almost too basic to mention, but there are thousands of web admins who fail the most basic part of WP security – keep your WordPress version up to date! Most WP updates not only include occasional extra features for you to play with, they always include security fixes and patches, so it's essential you take advantage of what the WP team give you and update as soon as any new version is released.
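To have WordPress automatically update for you, you can add the following (for more info on this please see this article). The define() line goes in your wp-config file; the add_filter() call belongs in a must-use plugin instead, because WordPress is not fully loaded while wp-config runs and add_filter() is not yet defined at that point.
// wp-config file: enable automatic core updates
define( 'WP_AUTO_UPDATE_CORE', true );
// Must-use plugin (a PHP file under wp-content/mu-plugins/): skip development builds
add_filter( 'allow_dev_auto_core_updates', '__return_false' );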
Keep Your Plugins and Themes Up To Date
Much like the WordPress core files, your plugins and themes are another area you must keep updated. This can be tricky if you're using themes or plugins from marketplaces like CodeCanyon or ThemeForest, but if you're in any doubt you can head to your downloads area in these marketplaces and check what the latest version of your item is.
Use Reputable Hosting
These days, there is no shortage of hosting companies vying for your business. Some of these companies can look very enticing, but you need to be diligent when choosing a host: the very cheap hosting companies rarely have any systems in place to keep your entire site safe from other sites hosted on the same server, which can be a very serious problem if some less-than-savoury sites are being hosted on the same piece of the internet as yours.
The best advice we can give here is to do your research. Impartial sites such as HostingReviews.io offer candid views from actual users, so be sure to check them out before choosing a new/replacement hosting provider.
Limit WordPress Logins
A simple yet very effective method of keeping your site under your control is to limit how many attempts a user is allowed when attempting to log in to your site. This can help protect against brute force attacks, which are still a real threat. This is something that I really hope becomes part of the WP core in the future – however in the meantime you can install and set up the marvellous Limit Login Attempts plugin.
In addition to limiting login attempts, you should also put any potential hackers off the track by using a custom URL for logging in. It's possible to do this via code, however I'd suggest simply using this gem of a plugin instead.
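To show what limiting login attempts involves, here is an added example of a must-use plugin that counts failed logins per client IP and refuses further attempts once a threshold is hit. It is not the Limit Login Attempts plugin's code or anything from the original article; the demo_/DEMO_ names, the threshold of 5 and the 15-minute window are assumptions.

```php
<?php
/**
 * Plugin Name: Demo login limiter (added example, hypothetical names)
 * Place in wp-content/mu-plugins/. Counts failed logins per client IP in a
 * transient and rejects further attempts once the threshold is reached.
 */

define( 'DEMO_MAX_FAILURES', 5 );                      // assumed threshold
define( 'DEMO_LOCKOUT_SECS', 15 * MINUTE_IN_SECONDS ); // assumed window

// Transient key for the current client. REMOTE_ADDR is the proxy's address
// when the site sits behind a reverse proxy or CDN.
function demo_login_key() {
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	return 'demo_login_fail_' . md5( $ip );
}

// Every failed attempt bumps the counter and restarts the window, so a
// client that keeps guessing while locked out stays locked out.
add_action( 'wp_login_failed', function () {
	$key = demo_login_key();
	set_transient( $key, (int) get_transient( $key ) + 1, DEMO_LOCKOUT_SECS );
} );

// Priority 99 runs after core has checked the password (priority 20), so a
// locked-out client is refused even when the credentials are correct.
add_filter( 'authenticate', function ( $user, $username, $password ) {
	if ( '' === (string) $username && '' === (string) $password ) {
		return $user; // login form merely displayed, nothing submitted
	}
	if ( (int) get_transient( demo_login_key() ) >= DEMO_MAX_FAILURES ) {
		return new WP_Error( 'demo_locked_out', 'Too many failed login attempts. Try again later.' );
	}
	return $user;
}, 99, 3 );

// A successful login clears the counter for that client.
add_action( 'wp_login', function () {
	delete_transient( demo_login_key() );
} );
```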
Audit Your Plugins and Themes
The final step you can take to help keep your site secure is to take a full audit of the plugins and themes you're running. It can be easy to end up in a situation where you have many themes installed, but of course you can only use one, so it's essential to remove any unused themes entirely.
The same approach needs to be taken with your plugins: if you're not using them, remove them! After all, the more you're running, the more opportunities you're providing to any unscrupulous hackers trying to take control of your business.