If you’re at all computer literate, you probably know that your computer’s cyber security is important. Whether you pay for an antivirus suite or used a free antivirus, you keep your antivirus up to date and run it regularly. You monitor your browsing habits, and make sure not to click on spammy links, avoid sketchy websites, and even clean your cache once a week. But if you think these habits are enough to protect your WordPress website, you’re wrong.
In part, that’s because your website is a whole different beast, hosted (most often) on a machine that’s outside your control, using open source software, and themes or plugins which someone else has coded. Websites themselves are more likely to be the targets of hackers than people, and just like your computer, it can be compromised by an enterprising hacker.
While it’s true that having great cyber security habits on your business or personal computer will reduce the risk of a hack to your WordPress website, you’ll need to develop a new security regimen just for your website, and possibly even employ a few new tools. Because about 75 percent of all websites built with WordPress are vulnerable to hackers and malware… and you shouldn’t let yours be one of them.
The simple tricks and tips which can help secure your website aren’t that labor intensive, and can make a powerful difference when deterring hackers. In general, there are three different layers of security to be concerned about: your cpanel and database, your WordPress template and plugins, and your user habits and authentications.
Your Hosting Cpanel & Admin Area
This is one of the key areas which hackers can infiltrate, especially if you’re on a shared hosting plan. The first line of defense is to ensure your cpanel and databases are all updated to their most current version, as often updates in versions offer security fixes and patches. But you should also log into your databases and find the common fields which WordPress auto-names. These fields, since they’re commonly named the same thing across all WordPress installs, should have a slightly altered name and recall both in your database and in your WordPress framework. This will make hacking your hosting and database all the more difficult!
Your WordPress Framework, Template, and Plugins
The same logic generally applies to your WordPress framework. Since much of this collateral is public, it’s easy for hackers to identify the simple backdoors which are available on any WordPress framework, and then use them indiscriminately. Most patches and updates secure these holes, so updating any element of your WordPress framework which allows you to is very important.
But you should also critically assess the quality of your template and plugins. Are they free or paid? Are they maintained by their authors? Are their authors reputable in the WordPress community? It’s not uncommon for novice WordPress users to download templates or plugins which are poorly coded and easy to hack.
Also, reduce the number of plugins which you use in general. Stick to premium plugins which offer the most functions, rather than cobbling together the functions that you want with multiple free plugins. The fewer plugins you have, generally the less risk your website will have.
Your User Habits and Authentications
Do you click on every link which is left in the comments on your website? Don’t! As a general rule of thumb, trash any comments with links, which can easily hide executable codes. And make sure that your login credentials are strong, and contain at least seven unique characters which don’t spell a name or word. Since many hackers utilize brute-force attacks simply to crack login information, the more complicated your login information, the safer you’ll be.