Making a WordPress site as secure as possible is a worthwhile, long-term investment.
After all, it’s often the first introduction people have to your business, organization, or charitable endeavor, and you’ve worked hard on it!
These are some basic steps a WordPress site owner or administrator can take to strengthen security.
Administrators and their passwords
Administrators have the most access to your website. There’s very little an administrator can’t do!
It’s best never to use the username “admin,” “administrator,” or your domain name (e.g., the username “mile6” for the website mile6.com). These common usernames are easy targets when they are tried against common passwords.
3 Secure Password Tips:
- Make it unique! Choose a password you don’t use on any other platform or service.
- Mix it up! Utilize a combination of upper-case, lower-case, numerals, and symbols.
- And of course, the longer, the better.
SSL Certificates
An SSL Certificate encrypts traffic between the end-user and the website. In other words, it ensures that sensitive information is not sent over the internet as plain text when it shouldn’t be.
Here are some ways SSL should be used to protect you and your customer:
- Secure your customers’ information
- If you don’t secure your website with an SSL Certificate, Google will now warn your site visitors via the lock icon in your URL bar.
- Automatically redirect from plain http to https once you add an SSL certificate.
- For example, if an end-user requests “http://www.mile6.com,” they are redirected to “https://www.mile6.com.”
- Don’t transfer files over plain FTP on port 21 (or any alternate port). Instead, use FTPS or SFTP (both secure).
Plugins
In addition to choosing plugins that add value, functionality, or features to your site, make sure they’re secure!
- Choose your plugins carefully.
- It’s best to pick plugins that are widely used, well-reviewed, and frequently updated.
- Update the plugins you have.
- Check your site consistently for plugin updates. These updates can contain important security patches and other fixes.
- Remove plugins that are not in use.
- Finally, don’t leave plugins “deactivated.” While the plugin may not be active on your site, the source code remains and can be vulnerable if not updated. And they’re just cluttering up the place anyway!
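The username and plugin tips above can be checked together. The following is an added example, not code from Mile6 or WordPress: it flags administrator logins matching the names listed earlier and plugins that are inactive or have updates pending. It assumes the inputs were exported with WP-CLI (`wp user list --role=administrator --field=user_login` and `wp plugin list --format=json`); the plugin names, logins, and the domain-matching heuristic are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Usernames the article names as easy targets.
COMMON_ADMIN_NAMES = {"admin", "administrator"}


def risky_admins(admin_logins, site_url):
    """Return admin logins equal to 'admin', 'administrator', or the domain name."""
    host = (urlparse(site_url).hostname or "").lower()
    bare = host[4:] if host.startswith("www.") else host
    labels = host.split(".")
    # Heuristic (assumption): the full host, the host without "www.", and every
    # label except the TLD count as "your domain name" (e.g. "mile6").
    domain_names = ({host, bare} | set(labels[:-1])) - {"www", ""}
    risky = COMMON_ADMIN_NAMES | domain_names
    return [login for login in admin_logins if login.lower() in risky]


def audit_plugins(plugins):
    """Return (name, finding) pairs for plugins to remove or update."""
    findings = []
    for plugin in plugins:
        if plugin["status"] == "inactive":
            # Deactivated code still sits on disk, so the advice is removal.
            findings.append((plugin["name"], "inactive: remove"))
        elif plugin.get("update") == "available":
            findings.append((plugin["name"], "update available"))
    return findings


# Constructed sample input, shaped like `wp plugin list --format=json` output.
SAMPLE_PLUGINS = json.loads("""[
  {"name": "example-forms",   "status": "active",   "update": "available", "version": "2.1.0"},
  {"name": "example-gallery", "status": "inactive", "update": "available", "version": "1.0.3"},
  {"name": "example-seo",     "status": "active",   "update": "none",      "version": "5.4.1"}
]""")
SAMPLE_ADMINS = ["admin", "mile6", "j.rivera"]  # constructed logins

if __name__ == "__main__":
    for login in risky_admins(SAMPLE_ADMINS, "https://www.mile6.com"):
        print(f"replace administrator account name: {login}")
    for name, finding in audit_plugins(SAMPLE_PLUGINS):
        print(f"{name}: {finding}")
```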
Just a little security insight.
Security vulnerabilities can prevent your WordPress website from working as it should. For that reason, we share these security tips that are basic and effective front-line measures you can apply to help boost security on your site.
Need Help with WordPress Security?
If you’re looking for more, additional website security measures can be implemented at the server level. Mile6 offers different types of monthly WordPress security and hosting services. Our top-tier Full-Service WordPress Maintenance Package includes:
- Mile6 Web Hosting
- Monthly maintenance and security
- Passive brute-force attack mitigation
- Hourly malware scans
- Regular access log and error log monitoring
- Uptime monitoring
- New plugin review
- Layered backups
- Snapshots before updates for quick restore
- Complimentary development and staging environments for testing and auditing new content and features before deployment.
- WordPress core, plugins, and themes kept in a secure state.
Need more information about WordPress hosting and security? Reach out to us today and ask how we can help protect your website!