This post will be a quick post covering some tips to increase security for WordPress websites. We deal with a multitude of websites that need their security increased or that have even been hacked.
Only a couple of tips will be mentioned in this post, and it’s not the ‘be all and end all’ for securing your WordPress website and you may need to contact your web developer to do a more thorough security check on your website.
1. Keep your site up to date
This is probably one of the most important tips to making your WordPress site more secure and one of the easiest ways. Update all plugins/theme files as soon as possible. I think that almost every WordPress update consists of security updates to WordPress core files and the same goes for plugins. Often plugin updates are backwards compatibility, new features and security updates. So update!
2. Content Delivery Network (CDN)
Not only are CDN’s great for serving your website to visitors from around the globe at lightning speeds, but they offer DDOS (Denial of Service) protection and blocks threats across their network of servers. If a user tries to hack a site that is being managed by your CDN, the threat is blocked for all websites on the network. Cloudflare has a great free service which we use for most of our website as the free package is great which also includes free SSL encryption. There are paid options available from around $20 per month which offers even more features.
3. Usernames and passwords
We highly recommend to change the default administrative account’s username to anything beside ‘admin’ or ‘administrator’. Use something unique that is relevant to you such as ‘AndrewLima15’ (this is not my account username but it’s a rough example) this makes it more difficult for bots to crack the default ‘admin’ username.
It is a good idea to create a password that consists of a combination of special characters, symbols and upper/lowercase. If your password is ‘mypass123’ or ‘username123’ – change it, immediately! I’m sure you’re tired of hearing this from everywhere on the web but find a password that you can remember easily and ensure it consists of the combination above.
4. Database prefix
Change the default table prefix in your WordPress database from ‘wp_’ to something unique – for example ‘s31_’ since the prefix is setup during installation you do not need to worry about remembering this as once it’s set and setup in your wp-config.php (which is automatically created when you install WordPress via an installer).
5. Security plugins
There are a ton of security plugins out there that offer various security procedures such as hiding your default login url, block incorrect login attempts or block all incoming requests according to region. We definitely recommend WordFence which is a free security plugin for WordPress, which offers a lot through the free version.
These are just some tips that we follow and this article was created as a brief summary for users that have zero security on their WordPress websites and we may cover more security tips for WordPress in the near future.