WordPress Security: 3 Ways To Not Get Hacked
Many of us love WordPress for its amazing scalability as a content management system. I think of how we used to build websites 10 years ago. We had to build everything from the ground up. Now, with WordPress, free plugins can get us there with little to no effort. This allows us to spend more of our time on the content of the website. We also have to think more about WordPress security.
The problem is, WordPress is made up of plugins and themes as well as the WordPress core. Every time a new version of these is released, so are the bugs and vulnerabilities that existed with the previous version. So, if your site is not 100% up to date at all times, it’s vulnerable to hackers!
Does that scare you? It should. If a hacker infiltrates your site, they can install malicious software. The results could be disastrous: links to adult websites, redirects to install software utilities, and even a complete deletion of all your website files. If you rely on your website for credibility or sales, you cannot afford to ignore WordPress security issues on your site.
Things To Do To Improve WordPress Security
The good news is that you can improve your website’s security with these 3 steps: Evaluate, Backup, and Update.
The first thing you should do is install WordFence, a fantastic plugin designed to scan your site for known vulnerabilities. Once installed, run the site scan. You might be shocked at what it finds. Follow the recommendations.
A few other suggestions:
- Go to Settings > General in your WordPress admin area. Make sure “Anyone can register” is unchecked. Unless you have guest bloggers, leave this deactivated.
- Go to Users > All Users. Do you see any users you don’t recognize? You might want to consider deleting any user accounts that you know aren’t being utilized.
- Then, just for kicks, change all passwords to something more complex. You can use WordPress’ wonderful password generator.
One of my favorite backup plugins is UpdraftPlus. What I like about this plugin is that it easily allows you to backup to a remote location. You can setup a separate DropBox account and store backups there. I also like that you can automate the backup process. You can backup daily, weekly, etc: However, be sure to check that your backups are running. From time to time, backups may stop for various reasons. Most commonly, the server might not have enough space. So, be sure to limit the number of backups you store. I like to set this between 7 and 10.
Wait! This part always makes me nervous. Make sure you do a backup before you update anything. Once you’ve confirmed that you have a remote backup of your site, you can proceed with your updates.
- First, update your WordPress version, if there’s one available
- Next, update your plugins one-at-a-time. This is important. If a new plugin conflicts with the new WordPress version, it could crash your site. You’ll want to know which plugin caused the issue.
- Finally, updates any outdated themes
Awesome! you’ve completed the important steps to improving your WordPress security.
Here are some frequent questions that I get about this topic:
- I updated my site and now I see a white screen and I can’t access my WordPress admin area! What do I do now?
If you cannot access your admin area, you’ll need to manually restore the site via FTP access. Contact your webmaster for help.
How often should I perform these tasks for my site to stay secure?
We recommend making these updates once a month. Stay on top of it and you’ll keep the doors closed and hackers out.
What if I still get hacked?
Good news! You now have automatic backups running. Confirm your backups have been stored. Then, delete the infected files from the server and restore the latest, clean backup. I’d highly recommend leaving this to the experts, if you have one available. If not, be sure to contact us.
I don’t have time to do all this. Can you help?
Absolutely! I do this for many of my clients. Check out our WordPress Maintenance Service.