Is Your WordPress Site Secure?

WordPress is an easy-to-install publishing platform with thousands of plugins and themes that can be used to customize the look and functionality of your website so that it’s uniquely yours. And the best part ? It’s free! That’s why it became the go-to website platform among online bloggers and business owners. In fact, 19% of the web runs on WordPress. And I know many of our readers have WordPress sites.

But all the free stuff does not come without risk. Here are some vulnerabilities your WordPress sites may be exposed to:

• Malicious hackers often offer free plugins & themes as a way to gain ‘backdoor’ access to your site. They can take advantage of your website anytime they want as long as you’re using their plugin or theme.
  

• There’s no licensing board for web developers. This means that as a website owner you have to decide for yourself whether the plugin developer you hire is the real deal, or you’re leaving your site in the hands of a hacker.
  

• Because it’s free and very easy to use, a lot of online entrepreneurs who aren't tech savvy attempt to build their sites on their own, which, as you guess, are can be very vulnerable to hackers. 
  

So if it poses major security risks, why do people keep on using it? Because with a few simple steps, you can secure your WordPress sites. 

1.       Don’t use one-click installers. You probably heard of a tool that lets you install WordPress in just a click of a button. Very tempting. But if you want a secure website, avoid one-click installers like a plague. 

With one-click software, you can’t choose secure database details because these installers will do the job for you. Plus, they may install an outdated version of WordPress. Not to mention other ‘complimentary’ plugins and themes that you don’t really need.

Install your WordPress manually. Get your hands a little dirty. The instructions are simple and you’re good if you just follow them step by step. 

2.       Secure your password. Security and peace of mind can be achieved by just changing your password. Avoid using words on the dictionary or passwords like ‘buttercup123’. A secure password should:

• Be at least 18 characters longs
•  Be a mix of uppercase & lowercase letters
• Contain numbers or special symbols
• Be unique for every account
• Be hard to remember – if you can easily remember your passwords, others might, too.

3.       Limit user roles and capabilities. WordPress is built so that you can grant access to a member of your team. However, access should only be limited to let a user do what he/she needs to do. Example, if you have a writer whose sole task is to add blog posts on the site, only grant him/her the “Author” access. This allows the Author to log in, add, edit and delete his/her own posts. 

4.       Avoid putting all your eggs in one basket. Meaning, if you have multiple sites, avoid putting them all in one cPanel or hosting account. If one site gets compromised, all your other sites will be easily accessible.

5.       Only install plugins & themes from trusted sources. While most plugins and themes are safe, there are still some rotten apples out there, like this one. Wordpress.org is a very rich repository of safe-to-use plugins and themes. 

6.       Install security plugins. Plugins like WordFence and BetterWP Security exist to help website owners secure their WordPress sites. They prevent automated and forced login attempts, block IP addresses of known hackers, and perform other functions to keep your site safe.

7.       Update and backup regularly. New versions of plugins and themes are released by developers to improve functionality or address issues that exist on the older version.

You should also make regular backups. If, despite all precautions taken, your site is still hacked, you’ll thank yourself for making a backup.