When it comes to setting up your WordPress website, there are a couple of very simple and straightforward ways you can improve security in less than 10 minutes!
Before even installing WordPress, though, it’s important to consider your web host and whether they’re properly equipped to host your WordPress website. With 41% of hacking attempts being caused by a security vulnerability on a hosting platform, it pays to host your website with a good quality hosting company, focused on security.
Sepcifically, you should look for a host that:
- Is optimized for running WordPress.
- Includes a WordPress optimized firewall.
- Has malware scanning and intrusive file detection.
- Has expert staff to deal with WordPress security issues.
Typically, I will install the latest version of WordPress and configure it manually, following our strict security guidelines. Here are five simple ways you can beef up your WordPress security:
Long, randomly generated strings for MySQL database name, username, password and WordPress table prefix.
Using Strong Password Generator, I will create long and complex strings to secure access to the website database. Even WordPress table prefix (normally just wp_) will be changed to a long, randomly generated string.
Remove ‘admin’ User, or User with ID 1.
Whether you use a one click install, or set up WordPress manually, the first user (you, the administrator) will have an ID which equals 1. That is, you are the first user to have been created on this installation. As part of our security routine, we will create another Admin user, and delete the original. This prevents potential hackers from taking the easy route to either target the ‘Admin’ username, or users with the default ID of 1.
Secure files and folders using .htaccess rules.
We have create a bulletproof .htaccess file which can be easily copied into each WordPress installation we create. Htaccess is a configuration file for use on web servers running the Apache Web Server software, which allows us to prevent access to certain file types and folders within our WordPress installation.
Enforce strong passwords.
By default, WordPress will allow you to set your own account password, and to anything you like. By installing a plugin called Enforce Strong Password we can ensure that none of your blog users have set their password to ‘password’.
Limit Login Attempts
In order to prevent a hacker from trying multiple passwords in order to gain access to your WordPress installation, we install a plugin called Limit Login Attempts. This means that after 3 failed login attempts you will be locked for 20 minutes (these figures are of course configurable).
When it comes to making your website more secure, a bit of common sense goes a long way. You can reduce the chances of your website being compromised by taking precautionary measures, such as:
- Do not login to your website on unsecured networks.
- Be wary of allowing people to upload files to your website via a form as hackers can use it to upload a malicious script – Even if you only allow image uploads, sneaky files such as image.jpg.php have been known to slip through
- Make sure your computer does not have any viruses by installing antivirus software such as Sophos Cloud Based Antivirus.
- If you are ever concerned about logged in users (editors, authors) doing something malicious on your website, use a plugin such as Simple Login Log or Audit Trail to track their activity.
If you’d like us to take a look at your existing WordPress installation and check its security, or you’re a local business looking for WordPress web design in Scotland, we’re happy to help.