How to keep your WordPress site secure

Let’s chat about website security.

Frankly I’m alarmed about how many people don’t know how simple it is to protect their website.  I’ll bet that no one has shown you how to keep your WordPress site secure.

I’ll even bet that half my clients don’t have a clue that I’m even taking care of this for them.

While one can guarantee that your WordPress is 100% secure, here’s how to keep your WordPress site secure.

1.  Host with a trusted provider

I don’t want to knock private hosting because there are a lot of great people providing this service out there.  However my experience in the past few months have been with malware infecting a site that was privately hosted and once we moved it to a more secure provider such as Blue Host, ( you can also rely on Host Gator or Go Daddy) the issue was handled.

Here’s what you should look for in a hosting provider:

  • Offer security features and processes with their hosting package.
  • Provide your site with the most recent stable versions of all server software.
  • Provide you with reliable methods for backup and recovery of your site in case the unthinkable happens

2. Keep your computer up to date & secure

This is as simple as keeping your operating system and the software on it, especially your web browser, up to date to protect you from security vulnerabilities.  So when you get those software update notices, don’t put off installing them on your computer.

3.  Keep WordPress and WordPress plugins updated

 Update your WordPress and all its plugins every time a new version is released. New versions often fix holes found in the earlier versions.

Installing  Wordfence Security  which is an Anti-virus, Firewall and real-time WordPress security Network will is a great plugin that I recommend installing right away. Not only will it deter hackers from getting into your site, it will notify you whenever you need to update your WordPress, Theme or Plugins.

Only update your WordPress from your website or from WordPress.org.  Official releases are not available from other sites — never download or install WordPress from any website other than http://wordpress.org

Here the full list of  must have security plugins:

  1. The All in One WordPress Firewall plugin can apply a nice set of firewall rules to your site.
  2. Better WP Security can also add rewrite rules to harden your site whether on Apache or NGINX as well as other tools to block hosts, notify you of attempts to gain access and other.
  3. The Sucuri Security – SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck right in your WordPress dashboard. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it’s completely free.  Version 1.5.5 | By Sucuri, INC | Visit plugin site
  4. Wordfence Security – Anti-virus, Firewall and real-time WordPress security Network.  Version 4.0.3 | By Mark Maunder | Visit plugin site
  5. WordPress Data Base Back Up:  On-demand backup of your WordPress database. Navigate to Tools → Backup to get started.  Version 2.2.4 | By Austin Matzko | Visit plugin site
  6. WordPress Firewall 2. This WordPress plugin monitors web requests to identify and stop the most obvious attacks. Version 1.3 | By Matthew Pavkov | Visit plugin site
  7. Block Bad Queries (BBQ)  Automatically protects WordPress against malicious URL requests. Version 20140305 | By Jeff Starr | Visit plugin site.

4.  Make sure your passwords are strong

Many potential vulnerabilities can be avoided with good security habits. A strong password is an important aspect of this.

The goal with your password is to make it hard for other people to guess and gain access to your site.  You can even use an automatic password generator to create secure passwords such as this one by Norton:  Norton Identity Safe Password Generator

WordPress also features a password strength meter which is shown when changing your password in WordPress. Use this when changing your password to ensure its strength is adequate.

Here’s how to create a strong password:

  • Avoid using any version of  your own real name, username, company name, or name of your website.

  • Don’t create a password using words – mix it up a random bunch of letter (upper & lowercase) plus numbers will work well.

  • Make your password long.

A strong password is necessary not just to protect your site. A hacker who gains access to your administrator account is able to install malicious scripts that can potentially compromise your entire server.  Trust me that is a mess you don’t want to have to deal with and if your site get blocked by Google due to Malware that can mean a loss of revenue.

Be sure to protect your site with a strong password, security plugins and regular updates!

About Kristen Poborsky:

Kristen Poborsky is a business builder & strategist who loves to work with business and life coaches building the business of their dreams.Kristen and her team are experts at helping you generate more leads so you can turn them into clients.  She has developed a 3-step process that helps clients build their lists by generating more website traffic and opt-ins.

Want to talk to me about getting more traffic, leads & clients using this an other strategies from my tool box?  Book time with me right here…

Be sure to take the website quiz!  You’ll find out what you might be missing and get a copy of her FR*EE report:  The Essential Guide to Making Money With Your Website.

Here’s to more leads, more clients & more money!

 

Search
Categories