5 Tips for Improving Wordpress Security

Wordpress is a fantastic platform for building websites, and it is estimated around 20% (and growing by the day) of websites use it. However, due to its popularity, hackers have been increasingly targeting Wordpress sites – with a few easy steps you can make Wordpress more secure and ensure your site is protected.

5 Tips for Improving WordPress Security

WordPress is a fantastic platform for building websites, and it is estimated around 20% (and growing by the day) of websites use it.

However, due to its popularity, hackers have been increasingly targeting WordPress sites.

WordPress is, on its own, fairly secure. However, with a few easy steps you can make it even more secure and ensure your site is protected.

Here, we detail 5 top tips for securing your WordPress site.

Change Admin Usernametip1

By default, WordPress automatically generates the admin username at installation, meaning that everyone has the same username – a dream for hackers!

Change the admin username to something unique to you, and combine this with a strong password (not “password” or “abc123″!).

To change the admin username simply create another user with their role set as “administrator” and then delete the old “admin” user. If you have posts published by the user “admin” then you can assign these to the new user you have created.

This is an essential security tip – if you haven’t already done it, do it now!

tip2

Use Login Lockdown Plugin

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

 

By default the plugin will block access from an IP address for an hour after 3 failed login attempts within 5 minutes – this can be changed in the plugin settings.

Click here to download Login Lockdown

tip3Keep WordPress Updated

It is vital that you ensure you update WordPress to the latest version whenever a new one is released. A new update will fix vulnerabilities which have been exposed in earlier versions.

If you don’t update the WordPress core you will be leaving yourself open to attacks, as hackers will tend to target WordPress sites which are using old versions as they will have known security issues.

Make sure you update as soon as you see a message about a new version of WordPress being available.

tip4Only Download Themes & Plugins from Reputable Sources

We would recommend only downloading free themes and plugins from the WordPress directory, as you can be sure these have a core level of security.

Many free themes that you can download just by searching “free WordPress themes” in your search engine will contain malicious code that can cause all sorts of problems.

If you want to purchase premium themes we would recommend using ThemeForest and for premium plugins use CodeCanyon. We have used many of their themes and plugins and they are excellent.

Use a WordPress Security Plugintip5

A security plugin is a great way of securing WordPress as they can guard against many different issues such as preventing malicious code injection, scanning for problems and backing up the database, allowing you to get back online quickly if anything did go wrong.

We recommend using Wordfence Security – it is easy to install and will really beef up your site security.

 

FURTHER ADVICE

If you have a question you would like answered, you can submit a question on our Facebook page at www.facebook.com/gbsport – we look forward to hearing from you.

GBSport members can contact us on 01952 201657 for specific telephone and email advice and support on this and any other business matter. Or for more advice on web design you can email webdesign@gbsport.org.uk – we can help with plugin setup, themes, or you can take advantage of our bespoke web design service.

Leave a reply

Current day month ye@r *