Even the biggest websites are susceptable to hackers and with website security it is definitely a case of prevention being better than cure.
Here are a few things you can quickly check to ensure your WordPress website has its core security covered:
1. Ensure your usernames and passwords are a unique combination
This sounds obvious, but is still often overlooked and one of the key ways hackers still gain access to websites. They use robots to try all the obvious combinations over and over and sometimes strike it lucky.
Use a username and password generator like these to create login credentials they won’t try:
If you have a lot of different usernames and passwords, you can store them in a password manager such as Last Pass.
2. Check you have SSL hosting
SSL (secure socket layer) is a method of encrypting all data sent to and from the website. You’ll see that websites with SSL have ‘https://’ at the beginning of their address and usually the browser will also have some form of security icon, most commonly a padlock:
Pressure for websites to move to SSL as standard is increasing, with more browsers announcing they are adding security alerts for users when they visit websites without SSL.
Transferring your hosting is fairly straightforward and cost effective, contact us for more information.
3. Backup your site regularly
Use a backup plugin such as UpdraftPlus Backup/Restore and schedule regular backups of your website. As a starting point, set your database to be backed up daily and your files to be archived once a week. Ensure at least three backups are kept on the server too.
If anything goes wrong, then at least you can easily revert back to an older version of the site.
4. Use a security plugin
If you were to do only one thing, I would highly recommend you install a security plugin to your website, such as Wordfence.
These clever plugins will setup a firewall to further secure your site and run regular scans to check for any malware that may have been uploaded as part of a server hack.
They are an essential part of any WordPress websites’ armour and the core setup takes five minutes.
5. Restrict logins by country
To further protect your website from hackers trying to access your admin area through the login, you can use plugins such as iQ Block Country to restrict access to the admin area to nominated countries.
This will stop a slew of login attempts from, for instance, Russia or China (it does happen) dead in its tracks.
6. Restrict logins by adding extra security questions
Another way to stop hackers trying their luck with your login screen is to simply add an extra question to the login form which stops their robots ever inputting the right information.
WP Security Question is a plugin which will help you do this.
What to do if your website is hacked
If you have unfortunately realised your website has been hacked, don’t panic, help is at hand.
WordPress security gurus Wordfence offer a competitive site cleaning service which will get your website back within a matter of days and if needs be, a response within four hours.
Hope you have found this article helpful. Please contact us if you would like any further information regarding making your wordpress website secure.