How to Keep Your WordPress Site Secure

Real life criminals tend to be opportunists, right?  If a home is securely locked and protected by an alarm system or even a watch dog, the intruder is most likely to pass by and find a place that is easily accessed.  Well, cyber criminals are the same way. Why should they take the time to hack into a site that is secure when there is an easy way into another site that has not taken the necessary security precautions?  Take some time and protect your site so that your content, design, and lots of hard work do not disappear overnight.

1. Secure your Computer – If you are an internet user, than you know the importance of internet security.  It is absolutely essential that you have a virus protection software to protect you from potentially harmful.

1. Create a Strong Username & Password –  WordPress automatically gives you a username of “admin” and hackers know this, so be sure to change the username to something that cannot easily be guessed.  Just by mixing letters and numbers or adding symbols, you can create a username and password that is much stronger.  If you need help choosing a secure / strong  password, try Strong Password Generator and you can also protect your password with the Ask Apache Password Protect Plugin.  Another trick to keeping your WordPress site secure is by regularly changing your passwords.

1. Keep WordPress & WordPress Plugins up to date – Updates are created whenever there is something within WordPress or a particular plugin that has been fixed and improved.  As you know, technology is always changing and moving forward.  If you do not stay up to date with updates, your site is vulnerable to attack.  Cyber criminals have their way of finding sites that have not been updated.

1. Back-up  Database – Just in case something does happen it is SUCH a relief to have a backup. Even if you don’t know what to do with the back-up files you can hire someone to restore your site.  My favorite plugins to do this are WP-Back-up and WP-DB manager.  Both allow you to schedule back-ups and either save files directly to your hosting server or onto your computer.  And if you are doing any major changes or updates, it is important to do a back-up first.

1. File/Folder Permissions – There are certain permissions that your files and folders should be set to in order to keep your site secure.  A properly configured web server will not allow other users to have access to your files no matter what the permissions are.  But these should always be checked.  Allowing an application to have write access to your files is a dangerous thing, particularly in a public environment.  According to WordPress, they say “it is best, from a security perspective, to lock down your file permissions as much as possible and to loosen those restrictions on the occasions that you need to allow write access, or to create special folders with more lax restrictions for the purpose of doing things like uploading images.”

1. Security Scan – A very useful plugin to have activated is WP Security Scan. It will hide what version of  WordPress you are using, check your passwords, file permissions and database.  It basically scans your site to find problem areas that need to be addressed and could possibly let a hacker in.