Is it possible to make your WordPress website 100% secure? I’d like to say ‘yes’, but the truth is that no one can be 100% sure about their website’s security. I believe everyone can do something to keep security at the highest possible level. There is always a risk, though, that someone will try to hack the site or blog, with better or worse results. I’ve got some tips for you on how to make your website more secure.
There are so many changes in the online world on a day-to-day basis and making modifications in the original website code or even finding or installing a new plugin or theme may open the door to unwanted hackers.
I do believe, though, that you can make your website more secure by avoiding the typical mistakes many people (still!) make and making sure you have implemented the basics.
As I personally use the WordPress CMS, I use its name interchangeably with the word website in this article. Please keep in mind, however, that the tips and advice apply to any website built on any platform; only the way of implementing them may differ, depending on the CMS you are using.
Let’s get through some basic tips and ideas that may help you to keep your blog and/or website safe:
Protect your username
If your WordPress username is ‘admin’, ‘user’ or ‘test’, then you had better change it ASAP. These are the first words hackers try when breaking into WordPress accounts! Think about a username that is easy for you to remember, but not easy for others to guess. For example, Sa19ra80h will be more difficult to guess than Sarah1980.
Make sure the username you log in with is different from your displayed username. By default in WordPress, the displayed username is the same as the login username. You can set up a nice-looking displayed username in the user settings in WordPress; it can be the name of your company, the name of your blog or your nickname.
Now, if you think: “wait a minute, it will take a while before anyone can find out my username – there are so many combinations possible!”, then you may be very surprised how wrong you are. There is a very simple way to check it: just type the following in your browser’s address bar (remember to change “your-website-url” to your own website’s URL):
It will show you the WordPress username / author’s name. By changing the last number in the URL to any other number, you can check the usernames of other authors if they exist.
If you are the only author on your website, then you don’t have to use the author’s name in every single article you publish, as it is obvious who wrote it. I recommend disabling the author’s archives and redirecting the author’s archives URL to the home page.
Displayed username & log in username
Also, please note that even if you set up a displayed username and keep the author’s name visible under each post, the real username will be shown in the author’s archive URL link.
Try it now: go to any WordPress page you know (it might be your own website) and hover the mouse cursor over the author’s displayed name. It will highlight the URL link to the author’s archives, and in this link you will see the author’s real username.
I believe disabling the authors’ archives and not showing the author’s name under each post, especially when you are the only author on your blog, are better for you if you want to make your WordPress more secure and protect your username.
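One way to apply both recommendations above, as an added example that is not part of the original article. It assumes the code lives in a small site-specific plugin or in the active theme's functions.php; the `example_` function names are hypothetical, while the hooks and helper functions are WordPress core.

```php
<?php
/**
 * Plugin Name: Hide Author Archives (added example)
 * Description: Redirects author archive requests to the home page and
 *              stops byline links from showing the author's archive URL.
 */

// Refuse to run if the file is requested directly, outside WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

/**
 * Send every author archive request to the home page.
 *
 * is_author() is true for any author archive query, whichever URL form
 * the visitor used to reach it.
 */
function example_redirect_author_archives() {
    if ( is_author() ) {
        wp_safe_redirect( home_url( '/' ), 301 );
        exit;
    }
}
// Priority 1 runs before WordPress's own canonical redirect (priority 10),
// which would otherwise answer with the author's archive URL.
add_action( 'template_redirect', 'example_redirect_author_archives', 1 );

/**
 * Replace the author link that themes print under each post, so hovering
 * over the displayed name no longer reveals the author's archive URL.
 */
function example_hide_author_link( $link, $author_id, $author_nicename ) {
    return home_url( '/' );
}
add_filter( 'author_link', 'example_hide_author_link', 10, 3 );
```

After activating it, repeat the hover check described above: the byline link should now point to the home page.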
Create a strong password
Test1234, qwerty, pass1234 – I hope these are not your passwords… but imagine they were mine! Although it was a long time ago and I was not allowed to change them (my former IT colleagues at work “knew better”…), I had these passwords for years. Has someone ever hacked the account? Yes, of course! Did they send me a new password after the incident? Yes, to another ‘test-type’ password.
So, what’s the point? It’s like making a password public and saying ‘hey guys, I’m here, come and get what you want’. Take care of your password and at least make it more difficult for hackers to guess it.
Make sure you are using a strong password. Use a combination of lower- and uppercase characters, numbers, and symbols, and make your password long enough; I recommend at least 14 characters. Admin123 is not a strong password. A password like BE4&rpo38SYn(gEe@53-YGS% will be almost impossible to guess, do you agree?
I hope I don’t have to remind you to keep your password to yourself?
To make your website more secure, remember to change your password from time to time. Don’t just add a new character to your old password; I still cannot believe people do that!
I am sure you are able to create a new password that is not easy to guess (but easy for you to remember). If you have problems with that, then why not try one of the available tools, such as online password generators, which create a password for you?
Be up-to-date with updates
Please look at the pictures below. Which one looks more familiar to you?
If you see these small round circles with numbers (the top image above) somewhere in your dashboard, it means there are updates available for your website. I recommend applying all of them.
It doesn’t matter whether it is your CMS update, a plugin update or a theme update. To make your website more secure, make sure you apply ALL of the updates.
Remember to update themes and plugins that you don’t use but that are installed in your plugins directory. Your website may be in danger if you do not update themes or plugins, even if you don’t use them.
Don’t use it? Delete it! :)
Talking about the security of your website is a good moment to take a closer look at your plugins. Are all of them active? Are there any that haven’t been updated by their authors for more than a year? If so, delete them now, before they open the door for hackers. I recommend doing a small check of your plugins every few months. Remember to replace the ones that haven’t been updated with newer alternative plugins.
Moreover, after an update of your CMS (such as WordPress, Joomla, etc.), make sure all the plugins are compatible with the new version. Within a few days after the update of your CMS, the plugin updates should be available.
How about themes? How many of them have you installed on your WordPress? I believe only one of your themes is active anyway, so why do you keep the rest of them? If you have a good reason to keep the other themes installed on your CMS, remember to update them as well on a regular basis.
To make your WordPress more secure, I recommend deleting all of the themes and plugins you don’t use. Keep in mind that deactivating the plugin in your plugin directory is not enough; you need to delete it.
Notice: if you use the child theme, do not delete the parent theme.
Legal sources only
One more thing, quite obvious, but still many people do the opposite: if you download any new plugins or themes, do not get them from untrusted sources. If you download a ‘free’ premium plugin or theme, you are not only stealing, but it most probably also comes with spam or a virus.
Therefore download themes and plugins only from trusted sources and sites. Whether it is the WordPress plugin browser or the plugin author’s web page, make sure you can trust the source you’re about to download from.
Back-up your database and files regularly
Before updating your WordPress to the newer version, remember to back up your database and files. Do it every few months, just to make sure you have the most recent copy of your website. It will not protect it fully, but at least you will have a copy of your files if something bad happens.
If you don’t know how to do it, look for backup plugins on WordPress – the plugin will back up your files for you.
After backing up and updating your CMS, themes and plugins, visit your website’s URL. Check if it is working as it should. If so, then back up the files again. You want to keep the most recent backup of your updated and clean website.
There are more ways, tips and tricks to protect your website. In this article, however, I’ve focused on the basics, which you can apply to your WordPress on your own. I believe you can make your website more secure by making sure you have taken the basic steps towards better security.
Well, those are my security tips. Do you have any other advice? What do you do to make your WordPress safe? Share your thoughts in the comments below; I’d be happy to read them.