WordPress Security Best Practices
WordPress is one of the most secure Content Management Systems out there, but it still needs maintenance to keep it as secure as possible. Here are some of the things you should be doing to keep your WordPress site safe from hackers and malicious software.
Back up your site regularly
This is the single most important thing you can do to keep your site safe and minimize downtime in case your site is compromised. Even if you follow all of the practices below, no site is 100% secure, and regular backups are an essential safety net. There are many services out there that back up WordPress sites in a way that lets you restore them to their original glory with a single click. One service we recommend is VaultPress, but whichever service you use, remember to test it a few times a year to make sure that it will work when you really need it.
Keeping WordPress up to date is probably the most important thing you can do to ensure that your web site is secure. The WordPress team is constantly releasing updates to their core files, but it’s our job to make sure those updates get applied. There are three things to keep updated:
Plugins (even deactivated ones)
Themes (even deactivated ones)
All of these can be updated easily through the administrative panel. If you are managing your own site, we recommend running these updates at least every other day.
Delete unused plugins and files
Sometimes when creating a WordPress site on your own, you may install plugins and upload files that you end up not using later. Leaving these plugins and files sitting there can not only open your site to security vulnerabilities, but it can also affect the site's load times and overall performance. Making sure to delete these files is an important part of keeping your site locked down.
Use strong, unique passwords
Most people think their passwords are strong, and most of them are wrong. Unfortunately the days of using your dog’s name as your password are over – there are computer programs that can figure out simple passwords in a matter of seconds. I use this site to check my passwords before I use them – it’s not perfect but it will give you an idea of how secure your password is, and you may be surprised.
Here are the characteristics of a strong, secure password:
Long – At least 8 characters long, but 10 or more characters is ideal
Uses multiple character types – Both lower case and capital letters, numbers and symbols exponentially increase the strength of your password
Does not contain recognizable words
Does not contain your name or company name
Is significantly different from previous passwords – Simply adding one character to your old password is not recommended
Is unique to only one web site – as inconvenient as it may be, using unique passwords for each login is the best way to keep your data safe
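The characteristics above can be checked mechanically before a password is accepted. The following Python checker is an added example, not part of the original article; the short word list, the `min_changes` threshold and all function names are assumptions chosen for illustration. Passing passwords you already use on other sites in `previous` also covers the uniqueness rule.

```python
import re

# Constructed sample list; a real check would load a full dictionary file.
COMMON_WORDS = ("password", "welcome", "dragon", "monkey", "summer", "admin")
# Undo common letter substitutions so "p@ssw0rd" still matches "password".
SUBSTITUTIONS = str.maketrans("@0135$7", "aoiesst")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_password(password, personal_names=(), previous=(), min_changes=4):
    """Return the list of rules from the article that the password fails."""
    problems = []
    lowered = password.lower()
    plain = lowered.translate(SUBSTITUTIONS)
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    elif len(password) < 10:
        problems.append("under the ideal 10 characters")
    if not all(re.search(c, password) for c in CHAR_CLASSES):
        problems.append("missing a character type")
    for word in COMMON_WORDS:
        if word in lowered or word in plain:
            problems.append(f"contains recognizable word '{word}'")
    if any(n and n.lower() in lowered for n in personal_names):
        problems.append("contains your name or company name")
    # min_changes is an assumed threshold for "significantly different".
    if any(edit_distance(password, old) < min_changes for old in previous):
        problems.append("too similar to a previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("rex", "P@ssw0rd2023!", "vQ7#mZ2!kLp9x"):
        print(candidate, "->", check_password(candidate, personal_names=("Rex",)))
```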
Use a WordPress security plugin
There are a few great plugins that increase the security of your WordPress site. One plugin that is particularly good is Better WP Security, which is free on the WordPress plugin directory. It adds dozens of small changes to the way your site functions, and the total effect on security is definitely worthwhile. A word of caution – this plugin makes some significant changes to your WordPress database, so make sure to read the FAQ before implementing this.