WordPress security tips

WordPress_blue_logo.svgWe are responsible for the server administration and network security, while you are responsible for the administration and WordPress security of your website.

The popularity of WordPress (WP) makes it an appealing target for intruders. Outdated versions of WordPress installations, themes & plugins could result in your website being attacked. Vulnerabilities make your website susceptible to intrusions from outsiders with malicious intent.

If you don’t take care of vulnerabilities, your online business may lose credibility.

Security tips:

Keep your site updated

When a security vulnerability becomes known, it is quickly fixed and an update is released by the WordPress community. Older versions of WP are not maintained with WordPress security updates.

Carefully choose which themes and plugins you download

It only takes one theme or one plugin to make your website vulnerable.

  • Update your plugins
  • Delete unused plugins
  • Don’t use unverified plugins and/or themes.

Use a strong password

A strong password protects your website content and prevents intruders from gaining access to your admin account to compromise your entire website. Many potential vulnerabilities can be avoided with a strong password.

  • Use strong FTP passwords, WordPress login passwords and database passwords.
  • Should your domain be compromised, it’s advisable you change all passwords relating to that domain.

Use security applications

These applications provide pro-active security. They scan your WordPress site for vulnerabilities and inform you if any are found. They can block incorrect log-ins, notify you of new edits, and warn you when your site is vulnerable to attacks:

  • We recommend Cloudbric WAF – get a one-month free trial
  •  Install a trusted security plugin, such as WordFence. Use the plugin user ratings as a guide.

Avoid using default configurations

Changing your default settings adds another thin layer of protection against intruders. The default WordPress login is “admin” and most intruders know this.

  • Delete the default admin and create a new custom login.

Make backups

Before you delete anything, make a full backup of your site. Our backups are only intended for disaster recovery purposes.

  • Schedule regular backups
  • Backup your data on read-only media, to ensure your data has not been tampered with.