
Beginner’s Guide to WordPress Security

Phil Hatfield


As hacking becomes more commonplace, it is increasingly important to tighten security on your own website, to protect both your personal details and the site itself.

Security is not just about strong passwords. There are lots of things you can do to help keep your WordPress website secure.

Here are some tips on how to increase your WordPress website security (and some cheesy stock photos to go with it!).

Choose a good host.

Some hosting companies are more secure than others. Your host should maintain and manage a lot of things you don’t want to or don’t know how to do yourself. For example, keeping your website’s PHP version up to date will help with reliability and reduce the vulnerability of your site. To run WordPress it is recommended (at the time of writing) that your PHP version is 5.6 or greater and your MySQL version is 5.5. If that means nothing to you, ask your host!

Choose quality software.

If you install your own plugins, are you picking ones that are developed by a security-conscious developer? Always check a plugin’s star rating and the number of reviews it has received. The support section is also a good indicator, as you can see whether the plugin developer regularly answers questions, acknowledges bugs and is working to fix them.

Free computer software can also affect your website by adding hidden software to your computer. This hidden software can slow your computer down, modify your security settings and occasionally steal passwords saved on your computer, including your website login, to sell on to third-party companies. Always check that your software comes from a reliable source; avoid installing ‘bundled’ software, where the install screen asks you to install other programmes as well as the one you want; and don’t click on popups about your computer’s performance!

Use a password manager

A good password manager, like KeePass, makes it far easier to have long, random passwords. You should have different passwords for all your applications and any websites you sign up to, including your website. Many password managers include a random password generator (although WordPress has its own) so you don’t have to think of a new one each time.

Use two-factor authentication

More and more websites are using two-factor authentication to increase security. Two-factor authentication is a process that requires two pieces of information before allowing you to log in to your website. Some sites need you to enter your username and password and then complete an extra step on your phone or tablet before you can log in. Others will require you to enter a personal PIN in addition to your username and password.

It does make the login process slightly longer, but it makes a big difference to security. Unless you have a high-profile site with millions of visitors a day, hackers and bots trying to access your site will likely give up if they can’t break in right away.

Two-factor authentication is fairly easy to add to WordPress. Many plugins are available, all offering different two-factor authentication options. Google Authenticator is popular, as are Clef and Duo WordPress.

Back up your website!

By far the most important thing to do! WordPress is the most popular platform for websites and so it is very attractive to hackers. Even with all these security measures in place, it is still possible to be hacked, so make sure that your website is backed up on a regular basis, either through a plugin or by asking your host to do it for you.
