WordPress Security Checklist
The truth: Websites and blogs do get hacked. Blog security is an absolute necessity, and using a WordPress Security Checklist is a must (more on this later). However, WordPress blogs do not get hacked any more than other sites. WordPress is open source, which means that anyone can read the code, even the bad guys who spend all their time looking for vulnerabilities they can exploit. Add in the enormous popularity of WordPress, and it’s easy to see why you hear about hacks on a regular basis.
Myth: WordPress is a Security Risk
Fans of static HTML sites like to drag this out as the reason for remaining stuck with difficult-to-manage sites. While WordPress is definitely less secure than HTML (that’s just the nature of PHP-driven websites), it is by no means the security risk some people would have you believe.
Fact: Good Security Practices Greatly Reduce Your Risk
Managing the risk is the best practice. Driving a car increases your risk of having an accident, but that doesn’t mean you don’t drive. It just means you take steps to reduce your risk. WordPress is no different. With a few security measures in place, your risk of being hacked is nearly non-existent.
Concerns about security can prevent you from using open source software and, in particular, the flexibility of WordPress. If you believe all the hype that WordPress is inherently insecure, then you’re missing out on all the great things WordPress has to offer, for no good reason.
By implementing just a few security best practices, and a WordPress Security Checklist, you can greatly reduce your risk of being hacked.
Keep Your Site Up to Date – Update Plug-ins
This is by far the biggest risk when it comes to security. New vulnerabilities are discovered in WordPress and its plugins and themes on a regular basis, and if your site is out of date, it is at risk. Hackers actively search for outdated websites they can attack, so make it a point to keep your site up to date. Update plug-ins, themes, and the WordPress software itself.
Use Strong Passwords
Second only to out-of-date installations when it comes to inviting hackers, weak passwords are regularly exploited with a technique called a “brute force” attack. Simply put, a hacker sets a computer program to repeatedly attempt to log into your site using thousands of the most commonly used passwords and what are known as “dictionary” words.
Reviewing and updating your passwords as part of a WordPress Security Checklist can help you mitigate vulnerabilities. This type of vulnerability can be easily avoided simply by choosing good passwords. Ideally, your passwords should:
- Be 12-15 characters
- Contain upper and lower case letters, numbers and symbols
- Never be used for more than one site
- Never be stored in plain text on your computer
- Never be sent by email, unless encrypted
Also, consider using a password manager such as 1Password to generate and securely store good, strong passwords. You’ll never have to worry about remembering your passwords, and you’ll greatly reduce your risk of being hacked.
Limit Administrative Access
Never use “admin” as your user name. Create user accounts for your staff and give them only the permissions they need. Don’t make them administrators if they don’t need to be. Use the principle of “least privilege”: grant each account only the least amount of privilege needed to perform its duties.
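The update advice under “Keep Your Site Up to Date” and the account advice above can both be checked mechanically. The following is an added example, not part of the original article: it assumes the WP-CLI tool is available and that its JSON output has been saved from `wp plugin list --format=json` and `wp user list --fields=user_login,roles --format=json`. The sample records and the approved-administrator list are constructed.

```python
import json

# Constructed samples shaped like WP-CLI JSON output (assumed tool, not from the article).
SAMPLE_PLUGINS = json.dumps([
    {"name": "example-forms", "status": "active", "update": "available", "version": "2.1.0"},
    {"name": "example-seo", "status": "active", "update": "none", "version": "5.4.2"},
    {"name": "example-gallery", "status": "inactive", "update": "available", "version": "1.0.3"},
])
SAMPLE_USERS = json.dumps([
    {"user_login": "admin", "roles": "administrator"},
    {"user_login": "site-owner", "roles": "administrator"},
    {"user_login": "guest-writer", "roles": "administrator"},
    {"user_login": "copy-editor", "roles": "editor"},
])

def outdated_plugins(plugins_json):
    """Names of plugins with a pending update.

    Inactive plugins are included: their files are still on the server.
    """
    plugins = json.loads(plugins_json)
    return sorted(p["name"] for p in plugins if p.get("update") == "available")

def admin_findings(users_json, approved_admins):
    """Flag the 'admin' user name and administrators missing from the approved list."""
    approved = {name.lower() for name in approved_admins}
    findings = []
    for user in json.loads(users_json):
        login = user["user_login"]
        # WP-CLI reports multiple roles as one comma-separated string.
        roles = {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
        if login.lower() == "admin":
            findings.append((login, "default user name"))
        if "administrator" in roles and login.lower() not in approved:
            findings.append((login, "administrator not on approved list"))
    return findings

if __name__ == "__main__":
    print(outdated_plugins(SAMPLE_PLUGINS))
    for login, issue in admin_findings(SAMPLE_USERS, approved_admins=["site-owner"]):
        print(f"{login}: {issue}")
```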
Be Smart About Your Hosting
You’ve probably seen the claims for unlimited domains, space, and bandwidth for $2! You may even have a hosting account with one of these companies.
Here’s the problem. This type of shared hosting is inexpensive only because they overload their servers with thousands of websites. Similar to how crowded classrooms allow a cold to quickly spread, crowded websites on a shared server mean one infected site is a risk to all the others.
Rather than looking for the least expensive (and riskiest) hosting option, choose a host that allows you to isolate each site on its own cPanel. Doing so will greatly improve the security of your website. I recommend FastComet and Siteground. You can read all about the comparison of hosting companies at Best Website Hosting for WordPress.
Perform Regular Maintenance
Performing routine maintenance on a daily, weekly, and monthly basis is essential to security. Download our FREE Daily, Weekly, Monthly Checklist by signing up for our FREE Resource Library.
Use a WordPress Security Checklist for Plug-ins
You should consider using a WordPress security plug-in to manage virus protection, malware, and other vulnerabilities. There are two that I recommend:
- Wordfence (paid, but comprehensive web application firewall)
- iThemes (paid, lower cost than others)
In the end, the safety and security of your site and its data is entirely up to you. Follow the above steps and implement a routine maintenance checklist like the one offered in our FREE Resource Library and you should be fine.
Until next time, happy blogging!
P.S. Don’t forget to sign up for our FREE Resource Library!