How to Harden WordPress Security – Chapter 1


After working for years as a WordPress web developer and WordPress consultant in Sydney, I still hear the same question now and then: is WordPress really safe?

My answer is yes, of course. WordPress is a safe platform for development. So why do so many WordPress websites get hacked so frequently? There are a number of reasons. The main one is dodgy, cheap hosting providers who don't do their job properly; the second is poorly written code and carelessly selected plugins that create loopholes in security; and the third is simple layman mistakes, such as poor username and password combinations.

So here are some of my takes on how to secure your WordPress website. Below are the major points that will help you strengthen your website's security.

  1. Get decent web hosting

WordPress security starts with finding a decent web host. No matter how good your code is or how secure your plugins are, if you don't have good web hosting, you are in serious trouble.

My advice is to find someone local. With a local team you are buying their reputation; if something goes wrong hosting-wise, you have someone to chase. And because they are locally based, response times will usually be fast and you will be working in the same time zone.

So how can a web host help with security? A good web host keeps all software and applications up to date, which makes sure you get the latest versions of everything needed to run your website. Another major part of tightening WordPress security is the access permissions set at the hosting level. A good host will make sure these rules are set properly.

Spend some time researching the options. You might want to get to know a hosting company better before selecting it.

  2. Find a good WordPress developer or agency who knows what they are doing

The rule of thumb is that you get what you pay for. If you are looking for a good-quality product, you have to choose a good, responsible WordPress developer or agency.

So how do you know who is good? Start by looking at their portfolio. See what clients are saying about them. Clients of a good developer are more than happy to provide testimonials. Ask for references if needed.

A good WordPress web developer will know how to write good-quality code. This is a major factor in WordPress security. If your website is built within WordPress's core, then it's pretty safe, with minimal chance of damage. This also helps code and website compatibility if you are planning to add plugins or extra functionality in the near future.

  3. Update

Prioritise updating WordPress core, themes and plugins.

Whenever a new version is released, whether of WordPress core, plugins or themes, it carries security fixes too.

So it's always a good idea to read what the latest updates are about. If they are about security fixes, update as soon as possible.

  4. Choose Themes and Plugins carefully

Depending on your budget, you might be tempted to buy a premium theme or even use a free WordPress theme.

I recommend using a custom WordPress theme if you have the budget to do so. Otherwise, do some research when choosing a theme. Here is one of my articles on how to choose between a premium WordPress theme and a custom WordPress theme.

Regardless of which way you go, do some research. If you are planning to get a premium theme, go through the reviews and ratings for the theme.

The same goes for choosing WordPress plugins. Go through the ratings and reviews of a plugin before making it part of your website. Well-coded plugins with good reviews rarely have any problems.

  5. Use Strong Username and Password Combinations

Using a simple username and password is one of the major reasons why WordPress sites get hacked. Make sure you are using a strong username and password combination.

The good news is that WordPress now forces strong passwords by default.

Rule number 1 when creating a username is to avoid admin as the username. Rule number 2: don't use a username that is the same as your domain name or company name. For example, if your website is awesomecompany.com.au, don't use awesomname as your username. These usernames are easy to guess. There are a lot of brute-force attacks targeting the latter case these days.
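
A small audit for the two username rules above, as an added example that is not part of the original article: it flags logins that are common defaults or that match or derive from the site's domain. The word lists, function names and the overlap threshold are assumptions made for the illustration.

```python
import re

# Logins that guessing lists try first (constructed, illustrative list).
COMMON_LOGINS = {"admin", "administrator", "root", "test", "user", "webmaster"}
# Labels that are not the site name (small constructed subset of suffixes).
NON_NAME_LABELS = {"www", "com", "net", "org", "co", "au", "uk", "nz", "io"}


def _norm(text):
    """Lowercase and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def site_names(domain):
    """Return the name labels of a domain, e.g. {'awesomecompany'}."""
    labels = domain.lower().strip(".").split(".")
    return {_norm(l) for l in labels if l not in NON_NAME_LABELS and _norm(l)}


def _shared_prefix(a, b):
    """Length of the common prefix of two strings."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def audit_username(username, domain, min_overlap=4):
    """Return the reasons a login is easy to guess (empty list means OK)."""
    u = _norm(username)
    reasons = ["common default login"] if u in COMMON_LOGINS else []
    for name in sorted(site_names(domain)):
        if u == name:
            reasons.append(f"identical to domain name '{name}'")
        elif ((len(u) >= min_overlap and u in name)
              or (len(name) >= min_overlap and name in u)
              or _shared_prefix(u, name) >= min_overlap):
            reasons.append(f"derived from domain name '{name}'")
    return reasons


def audit_users(usernames, domain):
    """Map each flagged login to its reasons; clean logins are omitted."""
    return {u: r for u in usernames if (r := audit_username(u, domain))}
```

On a live site, the login list can be exported with WP-CLI (`wp user list --field=user_login`) and passed to `audit_users` together with the site's domain.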

  6. Keep your system protected

It's advised to keep your own system protected. If your computer is itself infected, it can lead to trouble no matter how secure your host is or how well coded your themes and plugins are.

So make sure you are using a good antivirus and scan your machine regularly.

  7. Do Multiple Backups at different locations

You should have an automated or manual way of backing up the site at regular intervals. If the site goes down for any reason, you will have a backup to restore.

Backing up to multiple destinations is advised. If one of your backups is corrupted or inaccessible, you can always fall back on another.

It should be noted that no system is 100% bulletproof, but precautions can be taken to minimise the damage.

This has been just a coverage of the main things that people normally miss or try to avoid when using WordPress as their preferred CMS. I will be covering more about WordPress security in the near future.

 

About Author

Robin Thebe

Digital Strategist based in Sydney.

I am a multi-disciplined web developer based in Sydney, focusing on website design, WordPress development, SEO, SEM and email marketing.