What would you do if your website was compromised? What if everything you had worked for, all of the long hours you’ve put in, the blood, sweat and tears that you’ve poured into your business, went away in a snap?
It’s a scary thing to think about, but it’s something that happens every day.
We want to make sure all of our readers know how to keep their websites and businesses protected from potential dangerous threats, so we’ve created a WordPress Security 101 post to cover everything you would need to know.
If you’re just getting started with your website, we suggest checking out our getting started guide!
WordPress Security 101: Keeping Your Business Protected
Keep WordPress up-to-date
When a new version of WordPress is available to you, you will get a notification in your WordPress admin screen. We recommend updating your WordPress as soon as you see this notification.
Often these updates are related to security measures to protect your website from new ways hackers try and comprise websites. These updates are helping protect your website, which is why is important to update it as soon as you are able.
Please know that by updating to a new version, this could potentially affect the connectivity with your theme. If your theme hasn’t been updated to be compliant with the new version of WordPress, problems could arise.
Keep plugins up-to-date
On the same note, it’s just as important to keep your plugins up-to-date too. Plugins are often what run many features of your website, and if you aren’t updating your plugins, your security could be breached.
Remove plugins that aren’t being used
As a long time business owner, the plugins we use have changed over the years and I imagine the same is the case for you.
Old plugins that aren’t being used can make your website run slower as well as could potentially lead to harmful attacks to your website.
Try and go through your plugins on a quarterly basis and remove any unused ones to keep your WordPress up-to-date.
Related post: WordPress.com vs WordPress.org: Find Out Which Is Right For You (Infographic)
Only download plugins from trusted sources
Anyone can create a plugin (or a WordPress theme for that matter) which means there are a lot of plugins that are created by not so trustworthy sources.
We suggest only using plugins that are from trusted sources and/or that have a lot of reviews and downloads. If a lot of people are using the plugin, it’s most likely one you can trust.
Back up your site regularly
Backing up your website regularly is essential as a business owner. You never know what could happen and you always want to have a backup of your site, just in case.
We suggest having a backup on your server and doing manual backups that are emailed to you, in case something ever happens to your server.
No amount of backups is too many in our opinion!
Use strong usernames & passwords
By default, your username will be “admin” to log into your website. We suggest changing this immediately, as hackers can easily guess that as a login since it’s the default option.
In addition to changing your username (and we also suggest not using your email address!), you should select a strong password. Use a variation of capitalized letters, numbers and symbols.
If your username and password is strong, you still want to limit login attempts, just as an extra precaution.
You can use plugins such as WP Limit Login Attempts or Limit Login Attempts that limits attempts of people logging into your WordPress site.
[clickToTweet tweet=”Keep your website protected with these #WordPress security 101 tips!” quote=”Keep your website protected with these #WordPress security 101 tips!”]
Pick a great host
There are a lot of hosting companies out there. Some are amazing at what they do, and other leave a lot to be desired.
When picking a host for your website, make sure they are reliable, trustworthy, and have a background in providing great customer service.
Related post: 10 Things You Must Do After Installing WordPress
Plugins to use
Here are a list of security plugins you can use to protect your WordPress website. All come highly recommended and are used by thousands of business.
Secures your site by providing firewall security, login security, database security, and backups.
Acunetix WP Security
Scans your WordPress installation for security vulnerabilities.
Provides a toolset for security integrity monitoring, malware detection, audit logging and security hardening.
Offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
All In One WP Security & Firewall
A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
Secure your website with the most comprehensive WordPress security plugin. Includes firewalls, malware scan, blocking, live traffic, login security & more.
Simple Security Firewall
The most comprehensive and highest-rated security system for WordPress.
Though it may seem like a waste of time to go through all of these measures to keep your website safe, we would much rather seen you be overprotected than underprotected.
You never know what will happen to your website, so it’s worth the extra effort to keep your business protected!