We’re not going to lie; WordPress has its security issues. If you don’t look after your site correctly, you could come up against all sorts of challenges. But does it have to be a problem? Not if you take site security seriously. We’ve put together five ways you can do this, and keep your WordPress website safe.
According to the Sucuri 2019 Website Threat Research Report, outdated CMS applications resulted in a whopping 56% of cyberattacks Sucuri encountered. And although the number of attacks on WordPress was due to this fault (49%), WordPress had the lowest stats for this when compared to other applications Sucuri analysed.
Given WordPress is one of the most widely used website builders around (it has 65.1% of the market share as shown by W3Techs2), it gives us all the more reason to keep our WordPress websites up to date.
Although we protect our homes by locking windows and doors, having home and contents insurance, a burglar alarm and maybe even CCTV, it doesn’t mean someone won’t attempt burglary anyway. But by leaving your doors and windows open and a laptop on the sideboard, you’re asking for trouble. And, just like WordPress, the more measures you take, the better you’re protected.
So, how do you ensure your information is kept safe and secure from prying eyes and sticky fingers? We won’t go through the myriad ways hackers, scammers, phishers and Bob, the guy next door, might try to access your information. Instead, we’ll take you through the ways you can protect yourself, your customers and your website, so you’re at less risk.
NordPass put together this sorry looking list of the top 200 bad passwords of 2020. It’s surprising that people still use 123456 to secure their information. Even though some websites stipulate a password must contain an upper case, lower case, number and special character, the message hasn’t got through.
Just like the home analogy above, having an easy password is akin to giving someone the key to your front door. So, if you don’t want to remember a whole series of passwords for different platforms and apps, but you still want maximum security, check out LastPass or NordPass and get an app to do it for you!
If you’re a regular WordPress user, you’ll know plugins make the WordPress World go round. But plugins aren’t all created equal. Anyone (including Bob, the guy next door) can design a plugin with the right knowledge, but whether it’s executed well and kept up to date is another matter.
When you’re choosing your plugins, do so wisely. Choose a reliable source to get them from and update them whenever fixes or updates become available.
The fewer plugins you have, the better too. It means less software to keep up to date, fewer things to go wrong and, what’s more, it’ll keep your site pretty speedy too. The more plugins you have, the more snail your site will be. SEO-per.
Or not. Using themes that are not compatible with WordPress’s latest security features leaves you vulnerable to attack. As with plugins, themes need to be kept up to date, too, both by you as the theme user and by the theme’s creator (be that WordPress or another coder).
And, if you decide that you really want that all-singing, all-dancing theme like Avada, Divi or Impressa, make sure you buy it with the license. That way, you can ensure that the product is kept secure by keeping track of (and installing!) the latest updates.
If you are going to make any modifications to your theme, do so in a child theme, not the parent theme. Altering the parent theme means that when you update, all your changes will be lost. If you use a child theme, not only can you update your parent theme regularly (thereby making sure it is super-secure), but you can keep all your site enhancements too.
If you don’t already know, PHP is the code that’s behind everything in WordPress. New versions of PHP are regularly released to keep it secure and keep hackers out. Besides improved security, however, updated versions also increase the speed of your site, so if your site speed was plodding before, this means better SEO and increased visitor session length. Bonus!
The server or host your website relies on dictates the PHP version in use. Despite this, you have the opportunity to update that version should you wish. Here’s a more detailed guide on how (and more on why) to do it.
Yup, you guessed it—a security plugin. Security plugins are multi-talented pieces of software that can detect many types of threats your website may encounter, including dreaded malware. We use Wordfence, though there are others out there, like Sucuri and iThemes Security.
Not everyone out there has good motives when it comes to internet intent. Having this additional plugin will give you peace of mind that you’re not only protecting your site but the precious data of all your visitors too.
Not happy with your current WordPress support or security? Get in touch! Try our contact form, email us, or contact us through Google My Business or Social. Pick your favourite, write a message and hit send. Alternatively, book a 30-minute solution finder call with us; we’d love to help.
Hopefully, you found our blog helpful when it comes to keeping your WordPress website safe. Here’s a little list we’ve compiled so you can do your own research.