WordPress is the most popular CMS (content management system) on the internet to build a website with, no wonder WordPress is also the most hacked. So you need a good approach to security! WordPress itself is reasonably well secured, but the use of a theme and various plug-ins always involves risks. If your website is hacked it will cause a lot of problems, for example your site will no longer be accessible. This can cost you money and damage your image and customer data can even be stolen. That's why we've made a list of the most important measures you can easily take to secure your website.
1. Make sure you update regularly
It is very important to update WordPress regularly. WordPress is continuously being developed and security holes are constantly being closed. The same goes for themes and plug-ins. As soon as an update is available it is best to install it right away. Old plug-ins and themes make it much easier to hack your website. Hackers scan thousands of websites a day for vulnerabilities. Make sure you are not one of those websites!
2. Make your website only accessible via HTTPS
A website without an SSL certificate is like a door without a lock. With an SSL certificate you encrypt all the data your website sends. For this you need to install an SSL certificate on your server and make sure that all traffic is sent via HTTPS. A handy plug-in for this is Really Simple SSL.
3. Choose a difficult password and username
This may be the most important security point of all. Choose a difficult password and a difficult username. The Admin username was used by WordPress by default. Change it immediately because otherwise hackers already have one part of the puzzle. For a difficult password you can also use a password-phrase, e.g. hack minesite. Or make sure you use a password manager like LastPass to remember your difficult passwords.
4. Limit the number of login attempts
To make it more difficult for hackers, you can install a plug-in that limits the number of login attempts. A good plug-in for this is Limit Login Attempts Reloaded. Is someone trying to log in too often with a wrong password or username? Then they are temporarily blocked.
5. Use a security plug-in
Many people have a virus scanner on their computer, so why not a security plug-in for your website? Most security plug-ins work preventively and make your website a bit more difficult to hack. At Surver we are fans of Wordfencethe free version is an excellent plug-in.
Make regular backups and store them in a safe place. It is best to run backups according to a schedule and store the files on another server. Surver arranges all backups for its customers. Each day multiple backups are made up to a month back.
7. One website per server
Do you have multiple websites? Put each website on its own hosting package or server. This minimizes the chance that if one site is hacked, the other site will be hacked as well.
8. Choose a good hosting party and WordPress expert
WordPress and website security is an expertise in itself. That is why it is important that you choose a good party for the hosting and maintenance of your website. Surver offers a complete package for WordPress websites, including hosting, security and maintenance. We even give a hack free guarantee! Check out the features of the packages here.