WordPress Security

| July 9, 2013 | 1 Comment

WordPress Security Techniques

Now if you’re like me you probably didn’t utilize security on your WordPress website until it was too late.  After I had a hacker sneak into my backend I realized it was time to smarten up, be vigilant, and personally take charge of my WordPress Security.

Now of course I had security practices locked down on my servers: running daily virus checks, multiple firewalls, brute-force protection programs, rootkit hunters, and many more security features being continuously added and monitored on a daily basis. At the time, for some odd reason, I thought that was enough to keep my websites safe and secure; however, this was not the case, specifically on a user level when it came to my WordPress websites.

A hacker was able to get in somehow through my backend. I quickly figured it out when I noticed new users with administrator access were being added to my WordPress site, and I was the only user on the site at the time. Well, it was obvious someone else had gotten in, especially when they changed my password on me and locked me out, much to my surprise.

To fully remove the hacker from my WordPress website I had to delete and re-install my hosting account and upload my website backups (backups which I do religiously for just such a reason). When I completed my reinstall, I changed all my passwords, updated my WordPress software/plugins/themes, and removed any instance of new users.

The question remained… “What was I to do to ensure that this madness wasn’t to happen again?”

Well, I did some digging online, spoke with some other professionals, and researched vigorously for the answer until I finally came up with a WordPress Security Package. All my WordPress websites (both personal and for my clients) utilize this Security Package. I am continuously upgrading and adding to my WordPress Security Package as new security flaws are found and new updates are sent out. The WordPress Security Package I put together is just a collection of different tools and plugins you install with your WordPress websites (they are all 100% free and can be found online).

WordPress security is a must; you must be vigilant in keeping your website safe and secure.

7 Simple steps to ensuring your WordPress website is secure.

Keeping Your WordPress Website Secure!

STEP 1:  Keeping Everything Up to Date!

Always, always, always update your software; this is one of the most important steps to ensuring that your WordPress website is kept safe. If you see a plugin that requires an update in your backend, then update it! If you see your WordPress version needs an update, update it! If one of your WordPress themes requires an update, well, then update it! Don’t wait until tomorrow, update it now.

Also before you update anything you should always read what you are updating.  All updates will have a detailed review of all the new fixes being installed for that plugin/theme/WordPress version.  Updating your software will help protect you and your WordPress website greatly.

STEP 2:  Removing Lost Password Function

One way hackers try to access your WordPress backend is through the Lost Password function on the Admin Login. I recommend that you remove the Lost Password function entirely; you can do so by downloading the Lost Password Removal Plugin, uploading it to your plugins folder and activating the plugin. It will automatically remove the ability to reset your password with the Lost Password link.

STEP 3:  Installing Security Plugins

There are many security plugins that will help you to secure your WordPress installation.  Here are some of the best ones to choose from…

WordPress Search All: http://wordpress.org/plugins/search.php?q=security&sort=

Running both these plugins together will help you tremendously in locking out hackers. They will guide you step by step on what to do in order to secure your site.

STEP 4:  Making a Strong Password (See this article)

Never use the same password with multiple websites and always make sure your current password is a strong password.  Weak passwords can be broken within a matter of seconds.  Please read this article I wrote on how to secure your online password.

STEP 5: Keeping Your Site Neat and Tidy

One thing most WordPress users never do is delete any inactive plugins or unused themes they have sitting in their backend. If you aren’t using a particular plugin or theme, then simply delete it, because believe it or not, you are leaving open opportunities for hackers to access your website through these inactive files. A WordPress plugin or WordPress theme doesn’t have to be in use for it to be dangerous… so the rule of thumb should be that if you haven’t used your plugin and/or theme within the last week or two it should be removed immediately. Remember you can always re-install / re-upload it if it’s needed again.
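Steps 1 and 5 can be checked together from the command line. The script below is an added example, not part of the original post or its Security Package; it assumes WP-CLI is installed on the server, and the plugin names in the sample data are constructed.

```sh
#!/bin/sh
# Added example. Input is the CSV printed by
#   wp plugin list --fields=name,status,update,version --format=csv
# (wp theme list accepts the same fields). Sample plugin names are constructed.

# Reads the CSV on stdin and prints one "ACTION<TAB>name<TAB>version" line
# per finding: REMOVE for anything inactive (Step 5), UPDATE for anything
# still in use that has an update pending (Step 1).
stale_extensions() {
  awk -F',' '
    { gsub(/[\r"]/, "") }                  # tolerate CRLF and quoted fields
    NR == 1 {                              # map column names to positions
      for (i = 1; i <= NF; i++) col[$i] = i
      if (!(("name" in col) && ("status" in col) &&
            ("update" in col) && ("version" in col))) exit 2
      next
    }
    $col["status"] == "inactive" {
      printf "REMOVE\t%s\t%s\n", $col["name"], $col["version"]; next
    }
    $col["update"] == "available" {
      printf "UPDATE\t%s\t%s\n", $col["name"], $col["version"]
    }
  '
}

# Constructed sample of what WP-CLI would print.
sample_plugin_csv() {
  cat <<'EOF'
name,status,update,version
example-cache,active,none,3.1.0
example-gallery,inactive,none,1.2
example-forms,inactive,available,0.9.4
example-seo,active,available,2.5.1
EOF
}

# On a live site, pipe the wp command above into stale_extensions instead.
sample_plugin_csv | stale_extensions
```

An inactive plugin with a pending update is reported only as REMOVE, since deleting it makes the update unnecessary.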

STEP 6: Backups

Backing up your website is another very important practice to make a habit of, because if all else fails your backup files are all you have left. You always want to make sure you do frequent backups of your WordPress website (whether it be twice daily, once daily, twice weekly and so on, it’s all up to you). I back up my websites daily, and you should too, especially if your website gets a lot of traffic, posts a lot of articles, and/or gets a lot of comments. You never want to lose any of your content because your backup is 2 weeks old; that’s content you’ll never get back.

Now most web hosting providers provide backups for their shared hosting clients automatically but you should always confirm with your web hosting company if they do indeed do backups on your website specifically and of course ask them how often?  Ultimately you should never rely on your web hosting provider for your backup solutions.  Reason being they will usually charge you a fee to have your backups re-installed and even then you will have to open a ticket, or call in, and then wait until however long it takes for it to get done. If you do your own backups then you can re-install your backup files immediately at no cost to you.

Here are some great backup solutions for you and your WordPress website.

STEP 7:  Think Security, Make it a Habit!

The final step to keeping your websites secure and safe is by far the hardest discipline to learn, and that is making it a way of thinking: checking your daily logs, running daily security scans, frequently testing the weakest points on your site (penetration testing), and keeping up to date with what’s new in the world of security and the software you are running. You always have to keep security in mind when building and growing your website(s); this is the only way to keep your websites safe and out of the hands of hackers.

Eventually, when you do it enough times in a day continuously, it will become a habit, second nature, and that’s the point you want to get to.
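One daily check worth automating is the sign that gave away the break-in described at the top of this post: administrator accounts that nobody on the site created. The script below is an added example, not part of the original post or its Security Package; it assumes WP-CLI is installed, and the logins and dates in the sample data are constructed.

```sh
#!/bin/sh
# Added example. Input is the CSV printed by
#   wp user list --role=administrator --fields=user_login,user_registered --format=csv
# Logins and dates in the sample are constructed.

# usage: unexpected_admins ALLOWED_LOGIN... < admins.csv
# Prints "login<TAB>registered" for every administrator not on the allowlist.
# Exit status: 0 = none found, 1 = findings, 2 = unusable input.
unexpected_admins() {
  allowed=$(IFS='|'; printf '%s' "$*")     # join the allowlist with "|"
  awk -F',' -v allowed="$allowed" '
    BEGIN { n = split(allowed, a, "|")
            for (i = 1; i <= n; i++) ok[tolower(a[i])] = 1 }
    { gsub(/[\r"]/, "") }                  # tolerate CRLF and quoted fields
    NR == 1 {                              # map column names to positions
      for (i = 1; i <= NF; i++) col[$i] = i
      if (!(("user_login" in col) && ("user_registered" in col))) { bad = 1; exit }
      next
    }
    !(tolower($col["user_login"]) in ok) { # logins compared case-insensitively
      printf "%s\t%s\n", $col["user_login"], $col["user_registered"]
      found = 1
    }
    END { if (bad || NR == 0) exit 2; exit (found ? 1 : 0) }
  '
}

# Constructed sample of what WP-CLI would print.
sample_admin_csv() {
  cat <<'EOF'
user_login,user_registered
siteowner,"2012-11-03 18:22:41"
wpsupport_7,"2013-07-02 03:14:09"
sysadm1n,"2013-07-02 03:15:30"
EOF
}

# On a live site, pipe the wp command above into unexpected_admins from cron.
sample_admin_csv | unexpected_admins siteowner ||
  echo "ALERT: administrator accounts not on the allowlist"
```

The non-zero exit status lets cron or a monitoring job alert without parsing the output.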

WordPress Security Recap!

Remember…

  • STEP 1:  Keeping Everything Up to Date!
  • STEP 2:  Remove the Lost Password Function on your Login Screen!
  • STEP 3:  Installing Security Plugins that help lock down your site!
  • STEP 4:  Secure your Passwords (See this article)
  • STEP 5:  Keep it Clean… Cleaning up your website!
  • STEP 6:  Backups, Backups, Backups
  • STEP 7:  Make it a Habit – Think Security

Download Recommended WordPress Security Package (ZIP FILE)


Comments (1)


  1. harrison says:

    This post genuinely piqued my personal interest.
