9 Ways to Keep your WordPress Site Secure from Hackers

Oct 16, 2017 | HOW WE MAKE IT

Web security is arguably the least fun aspect of managing your own online business. Like all safety measures, web security is easy to overlook until something disastrous happens to your site, such as a customer data breach or other hack.

But fear not: we’ve rounded up some best practices that all bosses should implement to protect their website, their customer data and their company’s reputation.

FOLLOW THESE BEST PRACTICES TO KEEP YOUR WEBSITE SAFE

Use complicated username and password combinations.

It’s such a pain to use complicated username and password combinations, but you must! Avoid using “admin” as the main username you use to access your WordPress dashboard. Follow the password guidelines in this article for even more instructions.

Having a hard time getting creative? Websites like Strong Password Generator can help you come up with long, complicated passwords. Just make sure to keep your passwords somewhere accessible and secure (we like using LastPass).

Keep WordPress and plugins updated at all times.

WordPress constantly updates its platform to improve performance, usability and security. It’s crucial that you always keep WordPress updated to keep your site secure and stable. Follow the instructions in this article to automate updates for major WordPress releases.

Before adding a theme or plugin, know what to look for.

WordPress is an open-source technology, which allows for incredible innovation and options from developers all over the world! With that, it’s important that you look for reputable, trusted products when installing themes or plugins. A few things to check before you install:

  • Number of installs vs. number of reviews – this will give you an idea of how many people have not only installed the plugin, but how many approve of its performance.
  • Last updated date – an engaged and reliable plugin developer will likely update their plugin about once a week. If it’s been months or years since the last update, don’t install.
  • Support center – look through the plugin developer’s Support/Help section (be sure that there is a Support/Help section) to see how robust and responsive their customer service is.

Most plugins and themes will be updated by their developer about once a week. To update, you’ll follow the instructions from your WordPress dashboard when you log in. You can also follow these instructions to allow certain plugins to update automatically.
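To apply the three checks above to more than a couple of plugins at a time, here is an added example that is not code from this post or from Digital Dames. It scores plugin records against the installs-vs-reviews, last-updated and support-responsiveness criteria. The records are constructed; their field names are assumed to match what the wordpress.org plugin-information API returns, and the timestamp layout and the warning thresholds are my assumptions rather than anything the plugin directory publishes.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample records. The field names mirror what the wordpress.org
# plugin-information API returns (active_installs, num_ratings, last_updated,
# support_threads, support_threads_resolved); the values are made up.
SAMPLE_PLUGINS = [
    {"slug": "example-forms", "active_installs": 500000, "num_ratings": 4200,
     "last_updated": "2017-10-10 2:15pm GMT",
     "support_threads": 40, "support_threads_resolved": 36},
    {"slug": "example-gallery", "active_installs": 80000, "num_ratings": 12,
     "last_updated": "2015-03-01 9:00am GMT",
     "support_threads": 25, "support_threads_resolved": 2},
]

# Date of the audit, fixed so the example gives the same answer every run.
AUDIT_DATE = datetime(2017, 10, 16, tzinfo=timezone.utc)


@dataclass
class VetResult:
    slug: str
    installs_per_review: float      # high values mean few users have vouched for it
    days_since_update: int
    support_resolution_rate: float  # share of support threads marked resolved
    warnings: list = field(default_factory=list)


def parse_last_updated(value: str) -> datetime:
    # Assumed timestamp layout "YYYY-MM-DD H:MMam GMT" (e.g. "2017-10-10 2:15pm GMT").
    return datetime.strptime(value, "%Y-%m-%d %I:%M%p GMT").replace(tzinfo=timezone.utc)


def vet_plugin(info: dict, today: datetime, max_stale_days: int = 180,
               max_installs_per_review: float = 1000.0,
               min_resolution_rate: float = 0.5) -> VetResult:
    """Apply the three checks (reviews vs installs, last update, support) to one plugin."""
    ratio = info["active_installs"] / max(info["num_ratings"], 1)
    days = (today - parse_last_updated(info["last_updated"])).days
    threads = info["support_threads"]
    resolution = info["support_threads_resolved"] / threads if threads else 0.0

    result = VetResult(info["slug"], ratio, days, resolution)
    if ratio > max_installs_per_review:
        result.warnings.append(f"only 1 review per {ratio:.0f} installs")
    if days > max_stale_days:
        result.warnings.append(f"last updated {days} days ago")
    if resolution < min_resolution_rate:
        result.warnings.append(f"only {resolution:.0%} of support threads resolved")
    return result


def run_audit(plugins=SAMPLE_PLUGINS, today=AUDIT_DATE) -> dict:
    """Vet every plugin and return the results keyed by slug."""
    return {p["slug"]: vet_plugin(p, today) for p in plugins}


if __name__ == "__main__":
    for slug, r in run_audit().items():
        status = "OK" if not r.warnings else "REVIEW: " + "; ".join(r.warnings)
        print(f"{slug}: {status}")
```

The thresholds are deliberately loose starting points; the useful part is that every plugin you consider gets the same three questions asked of it, and a plugin that trips all three (stale, barely reviewed, unanswered support threads) is flagged before it reaches your site.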

Minimize the number of plugins installed on your website.

It’s arguable whether or not adding too many plugins can harm your website, but we recommend keeping plugins to a minimum. Adding too many plugins, or insecure plugins, can lead to slow website speed, crashes or hacks.

We know it can be tempting to add new plugins to your website for added functionality, but choose wisely before installing. Be sure to remove any unused plugins from your site, and before adding new plugins, be sure that one of your existing plugins doesn’t already offer the functionality you’re looking for. We recommend this article which provides a ton of detail regarding plugin best practices.

Change your WordPress login URL (don’t use /wp-admin).

One of the first things that you do when setting up your self-hosted WordPress site is to define the URL that you’ll use to log in to your WordPress dashboard. By default the login page will look like www.example.com/wp-admin. We know this, and so do hackers. There are a number of ways to change the “wp-admin” URL string. The plugin WPS Hide Login is a lightweight plugin that offers this option.

Implement an SSL certificate.

A few definitions: HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol Secure) are both protocols, or languages, for passing information between web servers and clients. HTTPS encrypts that traffic, whereas HTTP sends it in the clear. To migrate your site from HTTP to HTTPS, you’ll need an SSL (Secure Sockets Layer) certificate.

Implementing an SSL certificate on your website is not only good for security, it’s good for your search rankings. One thing to consider: implementing an SSL certificate can be laborious, so it’s best to do so right from the launch of your website, if possible. Click here for more detailed instructions on how to enable HTTPS on your website.

Update the .htaccess file to block all IPs except your site’s administrators’.

This gets slightly technical, but a great way to keep unwanted visitors away from your WordPress dashboard is to update your .htaccess file to block IPs or groups of IPs, or better yet, to grant access only to specific IPs, which is what we recommend (no plugin needed!). This editing is done through the File Manager in your web host’s control panel. Here’s a step-by-step guide:

1) Log in to your website’s cPanel

Typically accessible via www.example.com/cpanel

2) Click on File Manager

3) Be sure to display Hidden Files (this might be accessed under “Settings”)

Find the Settings dialogue box to display hidden files.

4) Click on the .htaccess file and click Edit

5) Add the following code at the top

<Files wp-login.php>
# Apache 2.2-style access control (needs mod_access_compat on Apache 2.4):
# deny everyone first, then allow only the listed addresses.
Order deny,allow
Deny from all

# whitelist Jane’s IP address (203.0.113.10 is a placeholder; use the real address)
Allow from 203.0.113.10

# On Apache 2.4 without mod_access_compat, replace the three directives above with:
# Require ip 203.0.113.10
</Files>
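As an added example that is not part of the original post, the following Python script parses a block like the one above, works out which visitor addresses Apache 2.2-style Order/Deny/Allow rules would let through, and rewrites a deny-all-plus-allowlist block in the Require syntax that Apache 2.4 uses natively. The sample block and the 203.0.113.0/24 and 198.51.100.7 addresses are constructed documentation-range placeholders; the parser handles only “all”, single addresses and CIDR blocks, not hostnames or partial addresses.

```python
import ipaddress
import re

# Constructed sample in the same shape as the block above. 203.0.113.0/24 and
# 198.51.100.7 are documentation-range placeholders, not real addresses.
SAMPLE_HTACCESS = """\
<Files wp-login.php>
Order deny,allow
Deny from all

# whitelist the office network and Jane's home address
Allow from 203.0.113.0/24
Allow from 198.51.100.7
</Files>
"""


def parse_access_rules(text: str):
    """Extract (order, deny_sources, allow_sources) from the <Files wp-login.php> section."""
    m = re.search(r"<Files\s+wp-login\.php>(.*?)</Files>", text, re.S | re.I)
    if not m:
        raise ValueError("no <Files wp-login.php> section found")
    order, deny, allow = None, [], []
    for raw in m.group(1).splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        keyword = parts[0].lower()
        if keyword == "order" and len(parts) == 2:
            order = parts[1].lower()
        elif keyword in ("deny", "allow") and len(parts) >= 3 and parts[1].lower() == "from":
            (deny if keyword == "deny" else allow).extend(parts[2:])
        else:
            raise ValueError(f"unsupported directive: {line}")
    if order not in ("deny,allow", "allow,deny"):
        raise ValueError("Order must be 'deny,allow' or 'allow,deny'")
    return order, deny, allow


def source_matches(addr, source: str) -> bool:
    """Match one Allow/Deny source: 'all', a single IP, or a CIDR block (hostnames not handled)."""
    if source.lower() == "all":
        return True
    return addr in ipaddress.ip_network(source, strict=False)


def is_allowed(ip: str, order: str, deny: list, allow: list) -> bool:
    """Apache 2.2 Order semantics: the list named second wins when both match,
    and it is also the default for clients that match neither list."""
    addr = ipaddress.ip_address(ip)
    denied = any(source_matches(addr, s) for s in deny)
    allowed = any(source_matches(addr, s) for s in allow)
    if order == "deny,allow":
        return allowed or not denied   # Allow overrides Deny; default is allow
    return allowed and not denied      # Deny overrides Allow; default is deny


def to_apache24(order: str, deny: list, allow: list) -> str:
    """Rewrite the deny-everyone-then-allowlist pattern in the Require syntax of
    Apache 2.4's mod_authz_host (Order/Allow/Deny need mod_access_compat there)."""
    if order != "deny,allow" or [s.lower() for s in deny] != ["all"]:
        raise ValueError("only the 'Deny from all' + allowlist pattern is translated")
    return "<Files wp-login.php>\n    Require ip " + " ".join(allow) + "\n</Files>\n"


def check_allowlist(text: str, admin_ips: list, probe_ips: list) -> dict:
    """Report admin addresses the rules would lock out and probe addresses they would let in."""
    order, deny, allow = parse_access_rules(text)
    return {
        "admins_locked_out": [ip for ip in admin_ips if not is_allowed(ip, order, deny, allow)],
        "probes_let_in": [ip for ip in probe_ips if is_allowed(ip, order, deny, allow)],
    }


if __name__ == "__main__":
    print(check_allowlist(SAMPLE_HTACCESS,
                          ["203.0.113.42", "198.51.100.7"],
                          ["198.51.100.8", "192.0.2.1"]))
    print(to_apache24(*parse_access_rules(SAMPLE_HTACCESS)))
```

Run it against the block you are about to upload, with your own administrators’ addresses as the admin list: anything in admins_locked_out means you would lock yourself out of wp-login.php, and a syntactically invalid address raises a ValueError before the file ever reaches the server.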


Add CAPTCHA for Contact Forms and WordPress Login Forms.

Have you ever had to tap that “I’m not a robot” box when completing a Contact Form on a website? This is a great way to block bots and other automated abuse from reaching your forms. Use the Google Captcha WordPress plugin or the Better WordPress Recaptcha plugin on your site.

Add a double login.

Another way to protect your WordPress dashboard is to implement a double login, also known as two-factor authentication. Yes, it’s another username/password for you to remember, but it is one more layer of security against bots designed to hack into your site. Wordfence is a WordPress security plugin that allows you to set up a secondary WordPress login page, and it also automatically blocks IPs with too many failed attempts to log in to your website. Other recommended security plugins include iThemes and Login Lockdown.
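The failed-attempt blocking credited to Wordfence above, as an added illustration in Python that is not the plugin’s code and not part of the original post: a sliding-window counter locks an address out once it has failed too many logins in a short period, rejects further attempts from it without even checking the password, and resets on a successful login. The attempts and addresses are constructed, and the thresholds (5 failures within 60 seconds, 15-minute lockout) are assumptions for the example.

```python
from collections import defaultdict, deque

# Constructed sample of login attempts: (unix time, client IP, username, password correct?).
# The addresses are documentation-range placeholders.
SAMPLE_ATTEMPTS = [
    (1000, "203.0.113.5", "admin", False),
    (1010, "203.0.113.5", "admin", False),
    (1020, "203.0.113.5", "admin", False),
    (1030, "203.0.113.5", "admin", False),
    (1040, "203.0.113.5", "admin", False),   # fifth failure within 60 s: lock the address out
    (1045, "203.0.113.5", "jane", False),    # rejected before the password is even checked
    (1100, "198.51.100.7", "jane", False),   # one typo from a legitimate user
    (1500, "203.0.113.5", "admin", False),   # still inside the 15-minute lockout
    (1900, "198.51.100.7", "jane", False),   # the earlier failure has aged out of the window
    (1910, "198.51.100.7", "jane", True),    # success clears the counter
]


class LoginThrottle:
    """Lock an address out after max_failures failed logins inside window_seconds."""

    def __init__(self, max_failures=5, window_seconds=60, lockout_seconds=900):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.locked_until = {}               # ip -> time the lockout expires

    def may_attempt(self, now, ip) -> bool:
        return now >= self.locked_until.get(ip, 0)

    def record(self, now, ip, success):
        if success:
            self.failures.pop(ip, None)      # a good login resets the failure count
            return
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] >= self.window_seconds:
            recent.popleft()                 # keep only failures inside the sliding window
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout_seconds
            recent.clear()


def replay(attempts, throttle=None):
    """Run attempts (oldest first) through the throttle; return one decision per attempt."""
    throttle = throttle or LoginThrottle()
    decisions = []
    for now, ip, user, success in attempts:
        if not throttle.may_attempt(now, ip):
            decisions.append((now, ip, user, "blocked"))
            continue
        throttle.record(now, ip, success)
        decisions.append((now, ip, user, "ok" if success else "failed"))
    return decisions, throttle


def summarize(decisions) -> dict:
    """Count decisions by outcome."""
    counts = {}
    for _, _, _, outcome in decisions:
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts


if __name__ == "__main__":
    decisions, throttle = replay(SAMPLE_ATTEMPTS)
    for d in decisions:
        print(d)
    print(summarize(decisions), throttle.locked_until)
```

Note the design choice that a legitimate user who mistypes once and comes back later is never affected, because old failures drop out of the window, while the burst from the first address is cut off before the sixth guess and stays cut off for the full lockout period.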

This post is part of our series 11 Essential Steps to Launching Your Online Business. We invite you to join the Digital Dame Collective by signing up for our emails to be the first to know when our new posts go live.


Post Contributors

Jaclyn Hawtin

Senior Data Architect

Over a decade of experience in product management, devops, startups, and agile methodologies. Track record of simplifying complex technical processes for cross-functional teams. Proficient in user centered design, UX, IX, UI, IA, user research and data analytics for responsive web, mobile and tablet applications. Incredibly adaptable, fluent with both people and machines.

Mani O'Brien

Conversion optimization manager

Mani is a senior marketing manager with roots in storytelling. She nerds out on everything data, technology, human behavior and design. Chat with her about UX/UI, marketing funnels, conversion and goal tracking, marketing experimentation and astrology (she’s a Virgo Sun, Aries Rising).
