How secure is your WordPress website? Rock-solid? Easily-hackable? Have you ever been hacked? How long did it take to recover from the incident? Are you doing anything differently now, to keep your site more secure?
If you’re one of the lucky few who has not been hacked — that’s awesome! But, guess what? Hackers are getting smarter & smarter and if we don’t continue to learn about and stay up-to-date on ways to protect our WordPress sites, it’s just a matter of time before it’ll happen — or happen again.
I was on a conference call recently with a few other speakers, and the topic of websites came up — specifically, websites created using WordPress. The person who mentioned it gave several examples of speaker sites that had been hacked, infected with malware, taken offline, etc. not just once, but multiple times over a 12-month period. He was extremely unhappy with his WordPress site and was warning the others on our call to be super-careful or choose another website tool.
First, let me tell you that I absolutely LOVE WordPress, and — unless there’s a specific request for something else — I always use it for client sites. I’ve been designing for more than 20 years, and have used everything from straight HTML to FrontPage, Joomla, Drupal, and GoDaddy’s fancy-schmancy custom site-builder. Not one of those tools measures up to the functionality and ease-of-use that WordPress has. I always tell my clients that if they can use Microsoft Word, they can easily use WordPress to blog and keep their content up-to-date. (Yes, it’s that easy.)
WordPress is what’s known as “open-source” software… meaning, there are people all over the world who work to advance, improve, fix errors, design themes (templates), and develop plugins in order to further the awesomeness that is WordPress. As you can probably imagine, this kind of accessibility can be both good and bad — because, for every “good guy” WordPress developer out there, there are at least two “bad guy” ones. With those odds, it’s no wonder so many sites are getting hacked, right!?
It’s easy to get paranoid with all the crazy stories in the news — and I can’t guarantee that you’ll never get hacked. (Life happens, right?) These are the tools & techniques I’ve added to my “anti-hacker arsenal” over the years, and so far, they’ve worked great at keeping my clients, their websites, and me quite happy. I hope you find them useful, as well!
ALL of these are important — they’re listed in no particular order.
1.) Your username should never be “admin” or any variation of your name. Be creative — come up with something complicated, yet memorable, that’s not super obvious. What should you do if you DO have an “admin” username? Log into WordPress, and from your dashboard, click on “Users” and create a new account with the Administrator role. Once you’ve created the new account, be sure to delete the old “admin” account.
2.) Yep, you guessed it… next on the list is your password. “PaSsWoRd123” is not a good password, and with the right tools, a hacker can break into your site in a matter of seconds. Be sure to use at least 10 characters, and include a variety of them… numbers, symbols, capital letters, lowercase. Refrain from using (the obvious) kids’ & pets’ names, birth dates, favorite color, the street you live on, etc. Do NOT use the same password for multiple online accounts, and consider investing in an application like AgileBits’ 1Password, which allows you to sync your login data on all your devices and only requires you remember… literally… ONE password, while it keeps track of the rest.
3.) WordPress, its themes, and its plugins are constantly being updated, and it’s critical that we use the most current versions available. One of the main reasons these tools are updated so frequently is because the developers are always finding and fixing security issues, functionality problems, and weaknesses in the code. We’re unnecessarily exposing ourselves to potential hackings and malware if we choose not to update. It’s so easy to do… WordPress will automatically notify you when it’s time to update. All you have to do is click on a few boxes. (Yep, that easy!)
4.) Speaking of themes & plugins… There are literally thousands of options available, and each has been developed by programmers at vastly different skill levels. Because of this, it’s important that we choose carefully what we bring in to our little WordPress environment.
Here’s a great way to “check the stats” on a potential plugin. Take a look at the description of some random plugin on WordPress.org. You’ll notice that it’ll tell you how long ago it was updated, what version of WordPress it’s compatible with, the number of other websites around the world using the same plugin, and a 5-star rating by people who are using it. At times, you can also learn how many people have requested tech support from the developers, along with how many issues have been solved. Themes available on the WordPress.org website have a similar description to help you make an educated decision.
Before installing any plugin or theme, I always — always — research those stats.
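If you manage more than a handful of sites, the same “check the stats” routine can be scripted. The Python below is an added example, not part of the original post: it reviews plugin records against thresholds I picked for illustration. The field names are assumed to match what the WordPress.org plugin-information API returns, and the two sample records are constructed.

```python
from datetime import date

# Constructed sample records. Field names are assumed to mirror the
# WordPress.org plugin-information API response; the slugs are made up.
SAMPLE_PLUGINS = [
    {"slug": "example-well-kept", "last_updated": "2024-05-02 3:10pm GMT",
     "tested": "6.5.3", "active_installs": 400000, "rating": 94,
     "num_ratings": 1200, "support_threads": 40,
     "support_threads_resolved": 35},
    {"slug": "example-abandoned", "last_updated": "2019-08-14 9:41am GMT",
     "tested": "5.2.1", "active_installs": 300, "rating": 62,
     "num_ratings": 4, "support_threads": 12,
     "support_threads_resolved": 1},
]

def version_tuple(version):
    """'6.5.3' -> (6, 5): compare WordPress versions on major.minor only."""
    parts = (version.split(".") + ["0"])[:2]
    return tuple(int(p) for p in parts)

def review_plugin(info, today, current_wp, max_age_days=365,
                  min_installs=1000, min_rating=80, min_resolved=0.5):
    """Return a list of warnings for one plugin (empty list = no concerns).
    All thresholds are illustrative defaults, not official guidance."""
    warnings = []
    # Only the date part of 'last_updated' matters for a staleness check.
    updated = date.fromisoformat(info["last_updated"].split()[0])
    age = (today - updated).days
    if age > max_age_days:
        warnings.append(f"not updated for {age} days")
    if version_tuple(info["tested"]) < version_tuple(current_wp):
        warnings.append(f"tested only up to WordPress {info['tested']}")
    if info["active_installs"] < min_installs:
        warnings.append(f"only {info['active_installs']} active installs")
    # 'rating' is assumed to be on a 0-100 scale (stars = rating / 20).
    if info["num_ratings"] < 10 or info["rating"] < min_rating:
        warnings.append(f"rating {info['rating']}/100 "
                        f"from {info['num_ratings']} reviews")
    threads = info["support_threads"]
    if threads and info["support_threads_resolved"] / threads < min_resolved:
        warnings.append(f"{info['support_threads_resolved']} of {threads} "
                        "support threads resolved")
    return warnings

if __name__ == "__main__":
    for plugin in SAMPLE_PLUGINS:
        found = review_plugin(plugin, date(2024, 6, 1), "6.5")
        print(plugin["slug"], "->", found or "looks healthy")
```

A plugin that trips several of these checks at once is usually the one to skip or replace.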
So, now you’ve got a few things on your WordPress “to-do” list. They won’t take very long, but each one will add another layer of security to your website. Watch for Part 2 of this post, with even more ways to secure your WordPress site!