Secure WordPress – Protecting Your Website

Posted 7th June 2016 by Lee

WordPress is one of the most popular CMS platforms available today. This makes WordPress one of the main targets for hackers to gain control of your server. Luckily, there’s a few quick and easy ways you can secure WordPress and ensure that it is well protected from threats.

Updates

We would recommend logging into your Dashboard on a weekly basis and ensuring that everything is fully up-to-date. There’s normally announcements on the WordPress Blog when this happens (we also post on Social Media to remind our customers). This includes plugins, themes and WordPress itself, no matter how small the update may appear to be.

Security Plugins

There are a various plugins available on the market which will assist with monitoring your site for security flaws and issues. These generally provide firewall protection, two factor authentication and some even scan through your files (malware scan) to detect changes to core files. If you are not looking for all bells and whistles, we would recommend atleast having some kind of Firewall Plugin enabled in WordPress to help prevent brute force attacks.

Backups

It’s important, while carrying out the above – you should also have a backup of your website. Ensure your website is clean, then take a backup of it for safe keeping. It’s much easier to restore a clean, working backup than it is to try and clean a hacked website. You should store a copy on your local computer at the very least, however there are options such as OneDrive and DropBox where you could keep the files (obviously, you will want to set the “sharing” to private if you do this). We recommend using BackWPup to take the backups – alternatively, you can do this manually by exporting your databsae from PHPMyAdmin and then creating a zip archive of your public_html folder.