Keeping Your WordPress Site Secure

Now that we have a brand new website set up, we want to do a few things to make sure that it is secure and protected from attackers. WordPress is generally fairly secure but it is a very popular target for attackers since WordPress is open source and very widely used with many users that do not properly secure their sites.

Brute-force login attempts, cross-site scripting attacks, database injections, DDoS attacks, and phishing attacks are some of the most common attacks that WordPress sites face. Here are some steps you can take to protect site against these attacks.

---

1. Keep your WordPress software and plugins up to date.

WordPress releases regular updates to fix known security vulnerabilities. It’s important to keep your software and plugins updated to ensure that your site is protected against known vulnerabilities.

Minor updates are already automatically applied by WordPress but the major ones are not applied automatically. You should be regularly checking for updates to ensure that you have the most recent version of WordPress on your website to protect against vulnerabilities.

2. Use a strong, unique password for your WordPress administrator account.

This is the most basic step in securing your site, yet it is often overlooked. A strong password should be at least 12 characters long and include a mix of letters, numbers, and special characters. Avoid using easily guessable information such as your name or the name of your site. Instead, use a passphrase that includes a mix of uppercase and lowercase letters, numbers, and special characters.

3. Limit login attempts.

Brute force attacks are a common method used by hackers to gain access to a site. By limiting the number of login attempts, you can prevent these types of attacks. One way to limit login attempts is to use a plugin like Login Lockdown or Limit Login Attempts. These plugins allow you to set the number of login attempts allowed and the time period during which login attempts are allowed.

4. Use a security plugin.

There are many security plugins available for WordPress that can help to protect your site. Some popular options include Wordfence Security, iThemes Security, and Sucuri Security. These plugins can help to protect your site from malware, hackers, and other types of threats. They provide features such as malware scanning, firewall protection, and two-factor authentication.

Securi is the best free security plugin that you can use. It allows you to turn on many crucial security features with the click of button in the ‘Hardening’ tab of the plugin. Some important features to enable in the ‘Hardening’ section are blocking PHP files and hiding your WordPress version. Vulnerability scanners will often scan for what version of WordPress you are using so that they may execute any known vulnerabilities in that version.

5. Regularly back up your site.

Backing up your site regularly is an important step in securing your site. This will ensure that you can restore your site if it is hacked or if something goes wrong. You can use a plugin like UpdraftPlus or BackupBuddy to schedule regular backups.

6. Use a web application firewall.

A web application firewall (WAF) is an important tool that can help to protect your site from various types of attacks. WAFs can help to block malicious traffic and protect your site from hacking attempts. Some popular WAF providers include Sucuri, Cloudflare, and Incapsula.

7. Regularly monitor your site for suspicious activity.

Regularly monitoring your site for suspicious activity, such as unusual traffic or changes to your files, can help you to detect and respond to potential security threats. You can use a plugin like iThemes Security or Sucuri Security to set up regular scans and alerts for suspicious activity.

---

By following these best practices, you can help to protect your WordPress site from known security vulnerabilities and ensure that your site is safe for your users. Remember to keep your security measures updated, and to regularly monitor your site for suspicious activity.