9 Ways to Keep your WordPress Site Secure from Hackers

Oct 16, 2017 | HOW WE MAKE IT

Web security is arguably the least fun aspect of managing your own online business. Like all safety measures, web security is easy to overlook until something disastrous happens to your site, such as a customer data breach or other hack.

But fear not: we've rounded up some best practices that all bosses should implement to protect their website, customer data and company reputation.

FOLLOW THESE BEST PRACTICES TO KEEP YOUR WEBSITE SAFE

1. Use complicated username and password combinations.

It’s such a pain to use complicated username and password combinations, but you must! Avoid using “admin” as the main username that you use to access your WordPress dashboard. Follow the password guidelines in this article for even more instructions.

Having a hard time getting creative? Websites like Strong Password Generator can help you come up with long, complicated combinations for your passwords. Just make sure to keep your passwords somewhere accessible and secure (we like using LastPass).

2. Keep WordPress and plugins updated at all times.

WordPress is constantly updating its platform to improve performance, use and security. It’s crucial that you always keep your WordPress updated to keep your site secure and stable. Follow the instructions in this article to automate updates for major WordPress releases.

3. Before adding a theme or plugin, know what to look for.

WordPress is an open-source technology, which allows for incredible innovation and options from developers all over the world! With that, it's important that you look for reputable, trusted products when installing themes or plugins. A few things to check for before you install:

  • Number of installs vs. number of reviews – this will give you an idea of how many people have not only installed the plugin, but how many approve of its performance.
  • Last updated date – an engaged and reliable plugin developer will likely update its plugin once a week. If it's been months or years since the last update, don't install.
  • Support center – look through the plugin developer's Support/Help section (be sure that there is a Support/Help section) to see how robust and responsive their customer service is.

Most plugins and themes will be updated by their developers once a week. To update, follow the instructions in your WordPress dashboard when you log in. You can also follow these instructions to allow certain plugins to update automatically.

4. Minimize the number of plugins installed on your website.

It's arguable whether or not adding too many plugins can harm your website, but we recommend keeping plugins to a minimum. Adding too many plugins or insecure plugins can lead to slow website speed, crashes or hacks.

We know it can be tempting to add new plugins to your website for added functionality, but choose wisely before installing. Be sure to remove any unused plugins from your site, and before adding new plugins, be sure that one of your existing plugins doesn’t already offer the functionality you’re looking for. We recommend this article which provides a ton of detail regarding plugin best practices.

5. Change your WordPress login URL (don't use /wp-admin).

One of the first things that you do when setting up your self-hosted WordPress site is to define the URL that you'll use to log in to your WordPress dashboard. By default the login page will look like www.example.com/wp-admin. We know this, and so do hackers. There are a number of ways to change the "wp-admin" URL string. WPS Hide Login is a lightweight plugin that offers this option.

6. Implement an SSL certificate.

A few definitions: HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol Secure) are both protocols, or languages, for passing information between web servers and clients. HTTPS is a secure connection, whereas HTTP is unsecure. To migrate your site from HTTP to HTTPS, you’ll need an SSL (Secure Sockets Layer) certificate.

Implementing an SSL certificate on your website is not only good for security, it’s good for your search rankings. A few things to consider:

Implementing an SSL certificate can be laborious so it’s best to do so right from the launch of your website, if possible. Click here for more detailed instructions on how to enable HTTPS on your website.

7. Update the .htaccess file to block IPs from all except your site's administrators.

This gets slightly technical, but a great way to keep unwanted visitors out of your WordPress dashboard is to update your .htaccess file to block IPs or groups of IPs or, better yet, grant access only to specific IPs, which is what we recommend. No plugin needed! You edit the file through the File Manager in your web host's control panel. Here's a step-by-step guide:

1) Log in to your website's cPanel (typically accessible via www.example.com/cpanel)

2) Click on File Manager

3) Be sure to display Hidden Files (this might be accessed under "Settings"). Find the Settings dialogue box to display hidden files.

4) Click on the .htaccess file and click Edit

5) Add the following code at the top

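<Files wp-login.php>
# Deny everyone by default, then allow only the addresses listed below
Order deny,allow
Deny from all

# whitelist Jane's IP address (placeholder; replace with your own public IP)
Allow from 203.0.113.10
</Files>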
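An added example, not part of the original post: a small Python audit that reads the `<Files wp-login.php>` block from step 5, flags allow entries that are not full IP addresses or CIDR ranges, and renders the same allowlist in Apache 2.4's `Require ip` syntax. The function names and sample addresses are assumptions, and the check is stricter than Apache, which also accepts partial addresses and host names in `Allow from`.

```python
import ipaddress
import re

# Constructed sample: the step 5 snippet plus one malformed entry.
SAMPLE_HTACCESS = """\
<Files wp-login.php>
order deny,allow
Deny from all
# whitelist Jane's IP address
allow from 203.0.113.10
allow from 198.51.100.0/24
allow from 99.999.99.99
</Files>
"""

FILES_BLOCK = re.compile(r'<Files\s+"?wp-login\.php"?\s*>(.*?)</Files>', re.I | re.S)


def audit_login_block(htaccess_text):
    """Return (allowed_networks, problems) for the wp-login.php <Files> block."""
    match = FILES_BLOCK.search(htaccess_text)
    if not match:
        return [], ["no <Files wp-login.php> block: login page is unrestricted"]
    allowed, problems, deny_all = [], [], False
    for raw in match.group(1).splitlines():
        words = raw.strip().lower().split()
        if not words or words[0].startswith("#"):
            continue  # skip blank lines and comments
        if words[:3] == ["deny", "from", "all"]:
            deny_all = True
        elif words[:2] == ["allow", "from"]:
            for token in words[2:]:
                try:
                    allowed.append(ipaddress.ip_network(token, strict=False))
                except ValueError:
                    problems.append(f"not a full IP address or CIDR range: {token}")
    if not deny_all:
        problems.append("missing 'Deny from all': block is not deny-by-default")
    return allowed, problems


def to_apache24(networks):
    """Render the same allowlist in Apache 2.4 'Require ip' syntax."""
    rules = "\n".join(f"    Require ip {net}" for net in networks)
    return f"<Files wp-login.php>\n{rules}\n</Files>"

if __name__ == "__main__":
    allowed, problems = audit_login_block(SAMPLE_HTACCESS)
    print("\n".join(problems + [to_apache24(allowed)]))
```

Run it against a copy of your .htaccess before uploading the edited file, so a mistyped address is caught before it reaches the live site.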


8. Add CAPTCHA for Contact Forms and WordPress Login Forms.

Have you ever had to tap that “I’m not a robot” box when completing a Contact Form on a website? This is a great way to block insecure bots and other malicious hackers from accessing your forms. Use the Google Captcha WordPress plugin or Better WordPress Recaptcha plugin on your site.

9. Add a double-login.

Another way to protect your WordPress dashboard is to implement a double login, also known as two-factor authentication. Yes, it's another username/password for you to remember, but it adds one more layer of security against bots designed to hack into your site. Wordfence is a WordPress security plugin that allows you to set up a secondary WordPress login page, and it also automatically blocks IPs with too many failed attempts to log in to your website. Other recommended security plugins include iThemes and Login Lockdown.

This post is part of our series 11 Essential Steps to Launching Your Online Business. We invite you to join the Digital Dame Collective by signing up for our emails to be the first to know when our new posts go live.


Post Contributors

Jaclyn Hawtin

Senior Data Architect

Over a decade of experience in product management, devops, startups, and agile methodologies. Track record of simplifying complex technical processes for cross-functional teams. Proficient in user centered design, UX, IX, UI, IA, user research and data analytics for responsive web, mobile and tablet applications. Incredibly adaptable, fluent with both people and machines.

Mani O'Brien

Conversion optimization manager

Mani is a senior marketing manager with roots in storytelling. She nerds out on everything data, technology, human behavior and design. Chat with her about UX/UI, marketing funnels, conversion and goal tracking, marketing experimentation and astrology (she’s a Virgo Sun, Aries Rising).
