How To Maintain WordPress Security

Website security is important, and WordPress security comes with a set of challenges that you need to understand if you are going to keep your site safe and secure.

The biggest security risk for any website is being hacked, and there are various ways that this can occur:

  • Logging in as a website admin
  • Accessing your Hosting account
  • Access to your server via FTP or SFTP
  • Log in to your Database via DB Password
  • Accessing your shared server via another site on it.
  • Malicious Plugin upload

WordPress Security Weaknesses

Admin Login

The WP default Admin Username is “Admin”, which instantly makes it easier for a would-be hacker if you don’t change it… so change it!

The only other thing they need is your password.

Hacking works because most people use the same password for multiple website logins.

Why Memorable Passwords are A Bad Idea

So… you use your memorable password for logging into seemingly harmless sites and platforms online. Unfortunately, all it then takes is for one of those “harmless” sites to get hacked, and your email address and memorable password will be shared on the darknet, where lists of login details change hands in their millions.

It doesn’t take much to marry up your email address with your URL, enter your details and they are in.

For your website, don’t use “Admin” as your login username, and use a unique, random character password.

Use iSecurity to set your security level, enforce unique passwords, enable network brute force protection and much more.

Hosting Accounts

Your hosting account will usually use an email address and password for access, so the same fundamental security weaknesses exist.

Use a different, unique password to maintain your hosting account integrity.

FTP / SFTP Access

FTP & SFTP backend server logins use a username and password. Make sure that this is random, unique and strong enough to not be guessable.

If someone can log into your server via FTP / SFTP, they can upload anything they like. They can delete your entire site and even lock you out of your own server.

Database Access

WordPress uses a MySQL database to store and process the data from your pages and posts.

Your website accesses your database via a username, database name, password and location URL.

If these details are compromised then anyone can upload whatever scripts, code or malicious files they want to.

Use unique passwords, usernames and database names for each site.
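
One way to check that advice across several sites, as an added example (not code from the original article): a Python sketch that reads the DB_NAME, DB_USER and DB_PASSWORD defines from each site's wp-config.php text and reports which sites share a value, without echoing the value itself. The site names and config contents are constructed samples, and the function names are this example's own.

```python
import re
from collections import defaultdict

# define( 'DB_USER', 'value' ), either quote style. DB_HOST is left out on
# purpose: it is often legitimately shared (e.g. localhost).
DEFINE_RE = re.compile(r"""define\(\s*(['"])(DB_NAME|DB_USER|DB_PASSWORD)\1\s*,\s*(['"])(.*?)\3\s*\)""")
MUST_BE_UNIQUE = ("DB_NAME", "DB_USER", "DB_PASSWORD")

def parse_db_settings(config_text):
    """Return {constant: value} for the DB_* defines in wp-config.php text."""
    settings = {}
    for line in config_text.splitlines():
        stripped = line.strip()
        # Skip commented-out defines; never cut mid-line, a password may contain # or //.
        if stripped.startswith(("//", "#", "/*", "*")):
            continue
        match = DEFINE_RE.search(stripped)
        if match:
            settings[match.group(2)] = match.group(4)
    return settings

def find_reuse(sites):
    """Return [(constant, [sites sharing one value])]; values are never echoed."""
    findings = []
    for constant in MUST_BE_UNIQUE:
        by_value = defaultdict(list)
        for site, text in sites.items():
            value = parse_db_settings(text).get(constant)
            if value is not None:
                by_value[value].append(site)
        findings += [(constant, sorted(s)) for s in by_value.values() if len(s) > 1]
    return findings

# Constructed sample configs for three sites (not real credentials).
SAMPLE_SITES = {
    "shop.example": """define( 'DB_NAME', 'wp_shop' );
define( 'DB_USER', 'wp_shared' );
define( 'DB_PASSWORD', 'Summer2020!' );""",
    "blog.example": '''// define( "DB_USER", "old_user" );
define("DB_NAME", "wp_blog");
define("DB_USER", "wp_shared");
define("DB_PASSWORD", "Summer2020!");''',
    "docs.example": """define( 'DB_NAME', 'wp_docs_7f3a' );
define( 'DB_USER', 'docs_u_91c2' );
define( 'DB_PASSWORD', 'x#9Lq//v2!TzR8' );""",
}

if __name__ == "__main__":
    for constant, shared_by in find_reuse(SAMPLE_SITES):
        print(f"{constant} is shared by: {', '.join(shared_by)}")
```

On the sample data the shop and blog sites are reported for sharing both a database user and a password, while the docs site has its own.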

Shared Servers

Shared servers can be host to hundreds of websites. Not all may be WordPress, but statistically around 30% will be.

If a hacker manages to access one site on a shared server, he/she can quite easily spread malicious code across all the sites on the server.

We have seen a particularly vicious example that infected over 200 sites and included a countdown timer on the primary hacked site, which reinfected all the sites on the server every 24 hours.

Very clever and all that, but a nightmare to clean up!!

If you use a shared server to host your website at a low cost, it is vital that you use all the security strategies that you can. Maintain a clean backup of your site elsewhere for if and when the bad man comes a-calling.

Malicious Plugins

WordPress maintain a register of ‘approved’ plugins. The reason for this is simple. Outdated plugins represent a security risk for your site.

Most of the updates you will see for WordPress Core, your Theme and Plugins are related to security threats.

WordPress security is taken seriously. They continually work to protect their sites.

Keep plugins and WP Core up to date (including themes you aren’t using – haven’t you deleted them yet?).

If Wordfence indicates that a Plugin is no longer supported then remove it and replace it with an approved one.

Addressing WordPress Security Issues

If you address all the above areas of WP security then you will be proactively working to protect your website.

Important WordPress Set Up Factors:

  1. Choice of Hosting
  2. Choice of Theme
  3. Choice of Plugins
  4. Loading Content
  5. Managing Content

For 2020 and beyond, there is one website metric that is more important than ever: performance.

Little by little, Google is dragging all website owners kicking and screaming into the 21st Century, pushing them towards fast-loading, high-performance, mobile-friendly websites to represent their businesses.

The days of publishing something that looks like a website but doesn't perform like one are long gone.

If you want search engines and your customers to take you seriously, you need to tick ALL the performance boxes, not just one or two... so here is a comprehensive guide to setting up and optimising WordPress to work like a finely tuned machine for your business.

WordPress - The Good, The Bad & The Ugly

WordPress is a great platform for any website: flexible, endlessly customisable, open ended and with a seemingly endless supply of functionality in the form of WordPress plugins.

However, WordPress does have its issues too.

Left to its own devices and not managed correctly, WordPress can be susceptible to chronic weight gain!! If you don't look out, your WordPress website will have its head in the biscuit barrel and before you know it, you'll have a heavy old Hector on your hands.

It's easier to set up WordPress to stay slim and fit than it is to lose the weight once it's gained it!

Weight is important for websites because all the code in your website has to be delivered to whoever wants to view your pages.

Each time a request for one of your pages is made, the whole page has to be packed up and sent across the ether to their device.

While of course some users will be on superfast broadband, many won't be. Spare a thought for the man stood in a field using a 3G mobile connection to attempt to read your page content. He needs to get the page loaded just as much as the city dweller with his 4G or 5G download speeds.

What makes this even more critical is that Google use just that scenario - a man on a 3G mobile connection - to assess website load speed before they decide whether they will include your site in their all-important search listings.

If your WordPress site is data heavy, it won't get delivered to that mobile device in the field before the chap presses the back button and looks for a better alternative.

You may offer the best service, products, advice or whatever, but if your website set up doesn't deliver the goods fast enough, it won't matter... Google will hate you!

WP Hosting

Fast hosting is a necessity if your WP site is going to load quickly. Free and low cost hosting options are a mistake that many business owners make, thinking that good quality hosting isn't very important.

Think of your web server as the engine in your car. You wouldn't put a diesel van engine in a Ferrari would you? Not if you expected it to perform when you pressed the pedal hard.

A website is the same: if you want a high performance site, you need a high performance server.

Not all hosting companies provide the same quality of server, so it pays to choose wisely. Otherwise your website will be parked on a rickety old server, creaking at the seams, unreliable and slow.

Getting WordPress Right

Getting your WordPress set up right is important.

WordPress Core is quite slim and efficient code.

However, it soon becomes bloated when you start adding themes, plugins and addons, many of which you don't need or won't use.

Every bit of code adds to the overall size of the files that need to be sent and received. The more code you can trim the less data you will send and the faster your site will load on each request.
