How secure is your WordPress installation? If you aren’t following the advice in this piece, not very. Here are 5 WordPress Security Measures Every Site NEEDS To Have!!!
WordPress is the most popular content management system in the world – so it shouldn’t be surprising that it’s the most frequently targeted by criminals. From malware to botnets to spam, the variety of ways your site can be targeted is incredible. You need to do everything in your power to protect yourself – up to and including the stuff outlined here.
1. Good Credentials Hygiene
First off, take a close look at your username and password – and the credentials for every important account on your WordPress site. Password-based attacks remain one of the most common means by which any site, WordPress or otherwise, might be breached. To that end, you need to…
- Avoid using the default username, and use one that’s different from the name displayed to users.
- Don’t use the same password for your WordPress site that you use for other sites.
- Create strong passwords.
2. Intrusion Detection
The idea behind a brute force attack is very simple – a computer program poses as a human user, and tries a ton of different password combinations in rapid succession until one of them works. Such attacks are on the rise – but luckily, they’re easy to defend against.
Install an intrusion detection plugin such as Wordfence: something that automatically locks an account after a certain number of failed logins, blocks activity from suspicious IPs, and enforces strong passwords.
3. Spam Protection
Spam comments run rampant on WordPress. In addition to clogging up your comment feeds with unwanted garbage, they can serve as a delivery medium for malware. The good news is that, like brute force attacks, spam on WordPress is fairly easy to manage.
- Use the default anti-spam plugin, Akismet, to manage and moderate comments.
- Close comments on older posts.
- Ban IPs known to be vessels for spam.
- Disable comment functionality on media attachments.
- Prevent HTML in comments.
- Create a honeypot and enable CAPTCHA.
4. Two-Factor Authentication
The more layers of security you apply to your site, the better. With two-factor authentication, anyone attempting to log in or access admin functionality on your control panel will have to go through an additional authentication step, logging in via a code provided by either an app or an SMS message. I’d recommend using the former, myself – SMS 2FA isn’t secure.
5. Regular Updates
Last but certainly not least, remember that security updates exist for a reason. Every time a new update is released, you need to apply it immediately – failure to do so puts your entire site at risk. WordPress itself is not inherently insecure, but that doesn’t mean it’s immune to attack – new vulnerabilities are discovered on a regular basis, and if you don’t patch them out, you’re essentially inviting a hack.
In Conclusion – Stay Secure
WordPress is an incredibly popular, extremely versatile platform. And though base WordPress is fairly secure on paper, in practice it’s only as secure as you make it. Following the advice here is essential if you want to keep yourself safe.