WordPress gets bad press about being insecure and hackable.
The truth is that historically, when WordPress was a humble blogging-only platform, it wasn’t the most secure – but that was over a decade ago and it’s now old information.
WordPress is inherently safe – since its launch in 2003 it has undergone a massive metamorphosis and now WordPress powers nearly 30% of the world’s websites, from sole traders to major international corporations. With an average of one CMS update per month for security and enhancements, it rivals many leading software organisations. The standard admin password on setup is a thing of the past, and even a user password that WordPress highlights as insecure needs an administrator to agree to its use.
WordPress is only as secure as YOU!
Like the operating system, applications, anti-virus and anti-malware software on your laptop, WordPress needs your attention to keep it running properly and to remain secure.
Poorly managed WordPress websites are the most attractive to hackers, according to Sucuri. Neglecting WordPress security can be disastrous. Following 5 simple security steps ensures that any hackers who try to breach your site will move on and find poorly secured, easier-to-hack websites.
The recent worldwide Petya cyber attack proved this: as well as the UK’s NHS, global advertising giant WPP and the Ukrainian National Bank were hit. It is a graphic example that, no matter what size the organisation, not paying attention to required security updates can be disastrous.
5 Ways to keep WordPress secure
Simple to say, but if you don’t pay attention to setting up and maintaining WordPress, it will become out of date and the hackers will rub their hands with glee as they eye up your unmanaged site. It is very simple to avoid, though: just check the WordPress Dashboard Updates screen regularly and you’ll be prompted to install important updates.
Pay Attention and Backup
We’re all only human, so while your best intentions are to pay attention, you may take your eye off the ball – holiday, new baby, big contract, any number of things can distract you. So make sure you implement a solid and secure off-site backup so that if the worst did happen, you can ‘roll back’ the site to restore it to a previous safe version. It may be missing a few updates that you made, but at least it’s working and you still have an online presence. Check out UpdraftPlus and backup manager BlogVault, which also has a very simple restore feature.
Remember the themes and plug-ins
WordPress’ most important feature is the ability to search for a plugin, install it and add a new feature or function virtually instantaneously. Three key points to remember:
- Only use proven themes and plugins – they will be maintained and more secure
- When WordPress is updated, check for theme and plugin updates – these often get updated to remain compliant with the new CMS version and with updated security
- Delete any unused plugins – if they are still on your WordPress server they could be an unwitting route in for security breaches
Like AV on your laptop, you need security on your CMS to minimise security risks. There are numerous security plugins on the market, and the top vendors have a free version and a premium paid-for version, with the free version normally providing everything you need. Take a look at All In One WP Security & Firewall or Wordfence Security for WordPress, both solid security solutions.
Back to us as humans again.
- Don’t give every user administrator rights to the website. WordPress has multiple levels of security, from subscriber up to full-blown administrator; only give website users the abilities they need. Give them full access and guess what? They’ll play: we’re all inquisitive, and it can be so easy to install a dangerous plugin without realising.
- Keep passwords secure – yes, I hate entering passwords that look like algebraic formulae, but it is much better to force people to do that than to let them change their passwords to their pet’s nickname Kitty or first son’s name Dominic. You can bet these appear somewhere on social media, so they are easy to hack.
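The plugin and user checks above (pending updates, unused plugins, who holds administrator rights) can be run over WP-CLI's JSON output; this is an added example, not part of the original post. The plugin and user records are constructed samples, the `roles` field is assumed to be a comma-separated string, and the `audit` function and `max_admins` threshold are hypothetical names chosen for illustration.

```python
import json

# Constructed sample data, shaped like the output of:
#   wp plugin list --format=json --fields=name,status,update,version
#   wp user list --format=json --fields=user_login,roles
PLUGINS_JSON = """[
 {"name": "contact-form", "status": "active", "update": "available", "version": "1.2"},
 {"name": "old-slider", "status": "inactive", "update": "none", "version": "0.9"},
 {"name": "seo-helper", "status": "active", "update": "none", "version": "3.1"},
 {"name": "gallery-lite", "status": "inactive", "update": "available", "version": "2.0"}
]"""
USERS_JSON = """[
 {"user_login": "owner", "roles": "administrator"},
 {"user_login": "kitty", "roles": "administrator"},
 {"user_login": "dominic", "roles": "editor,administrator"},
 {"user_login": "guest", "roles": "subscriber"}
]"""


def audit(plugins_json, users_json, max_admins=1):
    """Return findings for the checklist: updates, unused plugins, admin accounts."""
    plugins = json.loads(plugins_json)
    users = json.loads(users_json)

    def roles_of(user):
        # Assumption: roles arrive as one comma-separated string.
        return [r.strip() for r in user["roles"].split(",") if r.strip()]

    findings = {
        # Plugins with a pending update, whether active or not.
        "needs_update": sorted(p["name"] for p in plugins if p["update"] == "available"),
        # Inactive plugins are still on the server: candidates for deletion.
        "unused": sorted(p["name"] for p in plugins if p["status"] == "inactive"),
        # Every account that can install plugins and change settings.
        "admins": sorted(u["user_login"] for u in users if "administrator" in roles_of(u)),
    }
    # max_admins is a site policy choice, not a WordPress setting.
    findings["too_many_admins"] = len(findings["admins"]) > max_admins
    return findings


if __name__ == "__main__":
    for check, result in audit(PLUGINS_JSON, USERS_JSON).items():
        print(f"{check}: {result}")
```

On a live site, replace the two sample strings with the real command output and review each administrator account against what that person actually needs to do.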
So remember, WordPress isn’t normally at fault… as humans, we are. But once you know that, you can take preventative action!
Enjoy your secure WordPress website.