Everyone says it:
“No one would have any reason to hack my site, no one would even discover it, it's low traffic.”
Yes, we’ve all thought that, I have too.
A year ago when I read articles on websites being hacked, I never took any security measure because I thought my site wouldn’t be one of those.
But then it happened. A site I built for a school event was infected with malware and completely taken down. Although it happened after the event, it was still something I had built.
The worst part? I hadn't seen it coming.
And I'm sorry to say, but your WordPress site is getting hacked too if you don't take security seriously. This isn't only my experience; I've had clients who got malware removed and only installed security afterwards, just because they weren't cautious.
Keep your security up to date, and here is how you can do so.
1. Install a Security Plugin
I've also included it as one of the 7 must-use plugins for your WordPress site.
- Enable alerts for successful & failed login attempts, plugin & theme changes, or any other major event on your website.
- Harden your WordPress installation by hiding the WordPress version being used.
- Enable the integrity checker to make sure the WordPress core files are unmodified.
- If you're an advanced user, you may block the execution of PHP files in certain directories such as wp-content, wp-includes, and the uploads folder.
2. Update your Plugins & Themes Regularly
This is really important.
Ever wondered why this is emphasized so much? Well, because out-of-date plugins and themes can have vulnerabilities; in fact, the majority of websites are hacked because of exploits in themes & plugins.
The leading cause of compromises in today's websites comes from the exploitation of software vulnerabilities found in out-of-date software, specifically in its extensible components.
Avoid installing anything that hasn't been updated by its developers for more than a year. Apart from having compatibility issues, it can have security loopholes too.
I've seen clients with websites that have over 20 updates pending at once; when not taken care of, this can lead to security issues.
3. Use Quality Plugins & Themes
The preaching isn't over. Don't download every theme or plugin you find on the internet; they can contain viruses that bring down your site pretty quickly.
A good way to check for any vulnerabilities is to download the zip folder and scan it with an online malware scanner like VirusTotal.
4. Use Strong Passwords and Enable Brute Force Protection
According to Wikipedia, the most commonly used passwords are ‘123456’, ‘qwerty’ or, well, the word ‘password’ itself. If you're using one of these, change them immediately.
Use passwords that contain a combination of numbers, lowercase & uppercase alphabets and special characters.
An example is, ‘[email protected]‘. A perfect combination of all 4 types of characters & also with a decent length.
This makes brute forcing a nightmare.
To make your job easier, use a plugin like Loginizer to enable brute force protection; it locks out an IP address after a certain number of failed login attempts.
With that said, these are essential steps for securing your WordPress site, and every administrator should enable them.
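The lockout rule described above, as an added Python example that is not part of the original post or of Loginizer: failed logins per source IP are counted over a sliding window, a successful login clears the count, and an IP that reaches the threshold is reported as locked out. The event list is constructed sample data, not real logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login events (not real logs): timestamp, source IP, outcome.
SAMPLE_EVENTS = [
    ("2024-01-01 10:00:00", "203.0.113.5", "failed"),
    ("2024-01-01 10:00:10", "203.0.113.5", "failed"),
    ("2024-01-01 10:00:20", "203.0.113.5", "failed"),
    ("2024-01-01 10:00:30", "203.0.113.5", "failed"),
    ("2024-01-01 10:00:40", "203.0.113.5", "failed"),    # 5th failure in 40s -> locked
    ("2024-01-01 10:01:00", "198.51.100.7", "failed"),
    ("2024-01-01 10:01:05", "198.51.100.7", "success"),  # success clears the count
    ("2024-01-01 10:01:10", "198.51.100.7", "failed"),
    ("2024-01-01 10:02:00", "192.0.2.9", "failed"),
    ("2024-01-01 10:20:00", "192.0.2.9", "failed"),      # first failure has expired
    ("2024-01-01 10:20:05", "192.0.2.9", "failed"),
]


def locked_out_ips(events, max_failures=5, window=timedelta(minutes=15)):
    """Return {ip: time_of_lockout} for every IP that reached max_failures
    failed logins inside a sliding window. Events must be in time order."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    locked = {}
    for ts, ip, outcome in events:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if ip in locked:
            continue                # already locked; further attempts are rejected
        if outcome == "success":
            failures[ip].clear()    # a real login resets the counter
            continue
        recent = failures[ip]
        recent.append(t)
        while recent and t - recent[0] > window:
            recent.popleft()        # drop failures older than the window
        if len(recent) >= max_failures:
            locked[ip] = t
    return locked


if __name__ == "__main__":
    for ip, when in locked_out_ips(SAMPLE_EVENTS).items():
        print(f"{ip} locked out at {when}")
```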
5. Get an SSL Certificate
No, it's not expensive: CloudFlare offers a basic SSL plan for free, and there is no reason you shouldn't get one for your site. It's essential for e-commerce sites because, without SSL, not only your data but also your users' data is at risk, since communication is sent in plain text.
Apart from this, CloudFlare also protects your website from DDoS attacks.
What are your thoughts? Let me know in the comments section below.