WordPress security

Unfortunately, not everyone on the web is helpful. Getting into people's websites without permission (hacking) is done for a variety of reasons, ranging from simple defacing to professional criminals looking to collect personal details.

Passwords

Your first line of defence is having strong, complex passwords on the user accounts you use to log in to your WordPress site. No amount of security will be worth anything if your password is easily guessed. There are password ‘guessers’ that can be used to test millions of common passwords against a website.

Hosting

Use the highest quality hosting you can afford for your website. The lower priced hosting companies often run their servers (where your website files live) with reduced security as it reduces support queries to them. Reputable hosting companies run at higher security levels and offer excellent support.

Plugins and Themes

Only use Plugins and Themes from reputable sources. Remove any inactive Plugins and Themes – even if not active they can still pose security threats. The quality and attention to security vary greatly amongst Plugins and Themes; some have even been used to introduce backdoors into websites.

My approach to WordPress security

  • Check the website is on secure hosting using an up-to-date PHP version.
  • Correctly set permission settings on all files and folders of the website.
  • Advise complex passwords on all routes to the website: domain name, hosting (including FTP and MySQL), WordPress.
  • Install honeytraps, blacklists or challenges to help prevent user and comment spam.*
  • Disable non-essential WordPress features, e.g. file editing from within the Dashboard.*
  • Install a firewall to prevent unwanted activities.*
  • Install file monitoring to check for unwanted changes to files.*
  • Install user logging if existing WordPress users are suspected of malicious activities.*

* The level of security needed largely depends on the complexity of your site and what users can do on it.
For example, a site that lets users log in and upload files is high risk as it needs to ensure that malicious files can’t be uploaded.
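
Two items from the checklist above (file and folder permissions, and Dashboard file editing) can be checked from the server's shell. The script below is an added example, not part of the original page: the function names are hypothetical, the demo site tree is constructed, and it assumes the standard WordPress constant DISALLOW_FILE_EDIT in wp-config.php is how Dashboard file editing is switched off.

```shell
#!/bin/sh
# Added example: audit a WordPress directory for two checklist items.
# Function names are hypothetical; the demo tree at the end is constructed.

# List files and folders under $1 that any local user may write to.
wp_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Succeed only if wp-config.php has an active (not commented-out)
# define('DISALLOW_FILE_EDIT', true); line. A missing file counts as "not set".
wp_file_edit_disabled() {
    grep -Eq "^[[:space:]]*define[[:space:]]*\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)" \
        "$1/wp-config.php" 2>/dev/null
}

# Print one line per finding; return 0 when clean, 1 when anything was found.
wp_audit() {
    root=$1
    findings=0
    ww=$(wp_world_writable "$root")
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE: /'
        findings=1
    fi
    if ! wp_file_edit_disabled "$root"; then
        echo "FILE-EDITOR: DISALLOW_FILE_EDIT is not set to true in wp-config.php"
        findings=1
    fi
    [ "$findings" -eq 0 ]
}

# Demo on a constructed site tree (not a real installation): the uploads
# folder is world-writable and the define() line is commented out.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/uploads"
chmod 777 "$demo/wp-content/uploads"
printf '%s\n' '<?php' "// define('DISALLOW_FILE_EDIT', true);" > "$demo/wp-config.php"
wp_audit "$demo" || echo "audit: the findings above need attention"
rm -rf "$demo"
```

On a real site, call wp_audit with the WordPress root folder as its argument; the hosting setup determines which exact permission values are appropriate beyond removing world-write access.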

WordPress security is offered as an add-on to both the Personal Plan and Professional Plan.