WordPress Security Tips

Tips and Guides/ 05th Oct 2016/Will Cook-Martin


Security is a hot topic. It seems that not a week goes by without a news story about a large scale hack in some part of the world. Last week it was the turn of Yahoo to announce that 500 million accounts were exposed in a huge hack in 2014.

If you are a website owner, you should review the security of your site regularly. Whilst this guide focuses on providing WordPress security tips, it also contains general security information that all website owners will find useful.

1. Ensure WordPress and all plugins are up to date

We’ve already discussed the importance of keeping WordPress up to date.

WordPress is a very popular platform, and as such it is a target for hackers who regularly look for ways to exploit it. Thankfully, the WordPress community constantly releases updates to fix any vulnerabilities.

So next time you log in to your site, don’t ignore those warning messages about updates being available. If you do, you run the risk of your site having a number of security weaknesses for the hacking community to exploit.


2. Remove any unused WordPress plugins or themes

We’ve all done it; installed a new plugin to test or deactivated a current plugin and then not uninstalled it once we no longer have a use for the plugin.

Whilst your WordPress site will no longer make use of the plugin, the files still remain on the server. As suggested in point 1, there is a constant cycle of exploits being found and new versions of software released in order to fix these vulnerabilities. So if the files remain on the system, they remain exploitable.

If you have any plugins or themes that you do not use, including those bundled with the WordPress install, you should remove these ASAP!


3. Use strong passwords

It may sound obvious but the use of strong passwords is something we cannot recommend strongly enough.

Hackers constantly look to exploit weak admin passwords. So if you’re currently using password123, qwerty or your pet’s name, you should change this immediately. Likewise if you use the same password for everything you should start using a different one or at the very least regularly change it. Otherwise once a hacker has your password, they have access to all your services.

If you struggle to remember passwords, don’t write them down! You should consider either making use of a password manager or using another technique, such as phrases, to make remembering a difficult password easier. WordPress have some good advice here. To generate a strong password, you can make use of a service like strongpasswordgenerator.com.


4. Install a WordPress Security plugin

There are a whole host of WordPress security plugins to consider. Two that we recommend you look at are Wordfence and Sucuri.

If you would like to read more on which WordPress Security plugin is right for you, you should read this article – Understanding the WordPress Security Plugin Ecosystem. Whilst a little out of date, it is still very relevant.


5. Add two-factor authentication

Even with a strong password in place, with the advances in modern computer technology, brute forcing can still occur.

Two-factor authentication is commonplace in banking – you’ve probably got one of those keypad devices tucked away in a drawer that you put your card into in order to access your online banking account. You can do the same to access the WordPress admin area.

Plugins to consider are Google Authenticator or Rublon.


6. Disable file editing

If a hacker manages to access your admin area, the easiest way to change your files would be to go to Appearance > Editor in WordPress.

To resolve this, you could disable the editor by opening wp-config.php and adding this line of code:

define('DISALLOW_FILE_EDIT', true);
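
An added example, not part of the original article: a small Python check that a wp-config.php actually enforces this setting. It flags the constant being missing or commented out, wrapped in typographic quotes (a common result of copying code from a web page), set to something other than true, or placed after the line that loads wp-settings.php. The function names and sample file contents are constructed for illustration.

```python
import re

QUOTES = "'\"\u2018\u2019\u201c\u201d"  # straight plus typographic quotes
# PHP function names are case-insensitive, constant names are not.
DEFINE_RE = re.compile(
    rf"(?i:define)\s*\(\s*(?P<q>[{QUOTES}])DISALLOW_FILE_EDIT[{QUOTES}]"
    r"\s*,\s*(?P<val>[^)]*?)\s*\)\s*;"
)
SETTINGS_RE = re.compile(r"require(_once)?\b[^;]*wp-settings\.php")

def strip_comments(php):
    """Blank out /* */ blocks and whole-line // or # comments."""
    php = re.sub(r"/\*.*?\*/", lambda m: re.sub(r"[^\n]", " ", m.group()),
                 php, flags=re.S)
    return re.sub(r"(?m)^[ \t]*(//|#).*$", "", php)

def audit_file_edit_lock(php):
    """Return a list of findings; an empty list means the setting is in force."""
    code = strip_comments(php)
    m = DEFINE_RE.search(code)
    if not m:
        return ["DISALLOW_FILE_EDIT is not defined (or only in a comment)"]
    findings = []
    if m.group("q") not in ("'", '"'):
        # PHP does not treat curly quotes as string delimiters, so the
        # intended constant is never defined.
        findings.append("typographic quotes: DISALLOW_FILE_EDIT is not defined")
    if m.group("val").lower() not in ("true", "1"):
        findings.append(f"value is {m.group('val')!r}: editor stays enabled")
    # WordPress convention: custom defines belong above the wp-settings.php require.
    s = SETTINGS_RE.search(code)
    if s and m.start() > s.start():
        findings.append("defined after wp-settings.php is loaded: move it up")
    return findings

# Constructed sample wp-config.php fragments (not from a real site).
TAIL = "require_once ABSPATH . 'wp-settings.php';\n"
GOOD = "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n" + TAIL
CURLY = "<?php\ndefine(\u2018DISALLOW_FILE_EDIT\u2019, true);\n" + TAIL
COMMENTED = "<?php\n// define('DISALLOW_FILE_EDIT', true);\n" + TAIL
LATE_FALSE = "<?php\n" + TAIL + "define('DISALLOW_FILE_EDIT', false);\n"

if __name__ == "__main__":
    for name in ("GOOD", "CURLY", "COMMENTED", "LATE_FALSE"):
        print(name, audit_file_edit_lock(globals()[name]) or "OK")
```

To check a real site, pass the contents of its wp-config.php to audit_file_edit_lock() and treat any non-empty result as a failed hardening check.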


Summary

If you have implemented all the above points, you will now have a more secure WordPress site.

Of course, there are other steps you should take. Regular backups, for example, should form part of your security strategy, along with further security hardening techniques, including the use of .htaccess rules.

If there are other WordPress Security tips you’d like to share, please feel free to post them using the comments section below.

Will's our technical sales guy from the hills of Rossendale. A follower of Stoke City, father to Eddie, husband to Catherine and a fan of gadgets - oh and he's recently mastered the art of really slow DIY.