WordPress security tips
We are responsible for the server administration and network security, while you are responsible for the administration and WordPress security of your website.
The popularity of WordPress (WP) makes it an appealing target for intruders. Outdated versions of WordPress installations, themes & plugins could result in your website being attacked. Vulnerabilities make your website susceptible to intrusions from outsiders with malicious intent.
If you don’t take care of vulnerabilities, your online business may lose credibility.
Security tips:
Keep your site updated
When a security vulnerability becomes known, it is quickly fixed and an update is released by the WordPress community. Older versions of WP are not maintained with WordPress security updates.
- Update to the latest version of WordPress
Carefully choose which themes and plugins you download
It only takes one theme or one plugin to make your website vulnerable.
- Update your plugins
- Delete unused plugins
- Don’t use unverified plugins and/or themes.
Use a strong password
A strong password protects your website content and prevents intruders from gaining access to your admin account to compromise your entire website. Many potential vulnerabilities can be avoided with a strong password.
- Use strong FTP passwords, WordPress login passwords and database passwords.
- Should your domain be compromised, it’s advisable you change all passwords relating to that domain.
Use security applications
These applications provide pro-active security. They scan your WordPress site for vulnerabilities and inform you if any are found. They can block incorrect log-ins, notify you of new edits, and warn you when your site is vulnerable to attacks:
- We recommend Cloudbric WAF – get a one-month free trial
- Install a trusted security plugin, such as WordFence. Use the plugin user ratings as a guide.
Avoid using default configurations
Changing your default settings adds another thin layer of protection against intruders. The default WordPress login is “admin” and most intruders know this.
- Delete the default admin and create a new custom login.
Make backups
Before you delete anything, make a full backup of your site. Our backups are only intended for disaster recovery purposes.
- Schedule regular backups
- Backup your data on read-only media, to ensure your data has not been tampered with.
Read about what to do if your website is hacked.