Protecting your site from hackers encompasses using,
- secure password,
- updating your themes, plugins and WordPress software monthly,
- installing several security plugins,
- and using an SSL certificate.
WordPress Sites re the most popular and therefore the most targeted sites on the internet. That’s not to say that they can’t be secure but they aren’t secure out of the box. In this article I’ll take you through a process for keeping your site ‘un-hacked’ that will work for 99% of WordPress users.
Why keep your site secure?
If you don’t do the below your site will be hacked within several months or a year I’d guess of being on the internet. This means users will not be able to browse it and Search Engines won’t be able to show it as easily. You also won’t know your site has been hacked more than likely so you have to do the below in good faith that they are working and they do.
How to keep your site secure?
Secure Passwords
The first step is always to use a secure AND different password. When I say different I mean it can’t be the same secure password you use for another site. This is because it’s commonplace for passwords from one site, when they are leaked, are used to access different accounts for the same user because hackers know people use the same password for everything.
Use a Strong Password Generator to create a secure password and then save it someplace secure. I use LastPass to make sure I never have to remember these to login as it autofills these in my browser.
NOTE: In your User settings it is also possible to ‘enforce’ new users to use a secure password so that you know they too are using secure passwords.
Updating your themes, plugins and WordPress Core files
Monthly or max bi-monthly you need to update any themes, plugins and WordPress files as and when they are released. I wrote a more full article on how to update your site safely as it’s important to know a few in’s and out’s of this without breaking your site.
Installing and activating various security plugins:
WordFence
WordPress Sites are the most popular on the web but this also makes them a target to nefarious players. WordFence will do some basic security with their free plugin so you don’t have to worry as much about being hacked. There is a premium version which has better security features. If your site is a few months old already and you haven’t got some security plugin set up you are asking for trouble.
This plugin will also help walk you through how to resolve any hacks you may have also.
hCAPTCHA
Another layer of security that is useful in making sure you reduce the amount of spam comments you get in your WordPress site. This only allows ‘secure‘ users to fill in forms on the site and hence reduces the SPAM you’ll receive.
NOTE: I have tested a few different Recaptcha plugins and this one has the least effect on PageSpeed because it has a small JS footprint when testing in Google Page Speed Insights.
WPS Hide Login
As part of securing WordPress even further I install this plugin in order to change the login URL with which you personally (and your other users) use to login. This is an extra layer of security as a potential hacker now has to not only guess your username and secure password but also the URL with which to even try this hack.
It will change the URL from https://yoursite.com/wp-admin or https://yoursite.com/wp-login to https://yoursite.com/customNameHere
Should you pay for the updated versions of these?
If you can afford it and want the extra protection yes.
Use an SSL Certificate
An SSL certificate will allow users to send and receive info over your site with increased security as the data will be encrypted to outside users. make sure your site has one so that you and your users aren’t more vulnerable to hackers being able to view your data as is interacts with your website.
Most hosts will allow you to create these for free and even these are automatically done when you create the account or add a new domain to an account. If your host doesn’t provide free SSL certificates then think about looking for a new one on our WordPress Host Search Form where you can search. Most hosts will offer these for free theses days and many will transfer your site over to their hosting for free as part of the initial sign up.
