As WordPress grows in popularity, it becomes more and more important to protect your WordPress installation. With more and more people using it to run their websites, hackers view WordPress as a quick and easy way to control servers.
Here are our tips for securing your WordPress site. Whether on our shared hosting or using a self-managed VPS or Dedicated Server, these are fast and easy steps you can take to make sure your WordPress is well-protected.
Photo of a computer screen with a download bar
Update everything
When WordPress tells you there’s an update, no matter how small, update immediately. Each update fixes existing bugs or security issues. You can find out what each update does by reading the WordPress News page.
There is a major security update to WordPress right now – have you already updated?
Photo of a CCTV camera in a hallway
Get a good security package
There are plenty of plug-ins for WordPress that provide detailed security features for your site. WordFence gives you a firewall, two-factor authentication, and scanning, as well as monitoring your site for issues.
Photo of a chainlink fence
Build in a firewall
A good firewall stops malicious requests from even hitting your website. Block Bad Queries is a plug-in that checks all incoming traffic and blocks the bad requests that could cause problems. This not only stops hackers from getting in, it also cuts down on the number of requests that you receive, keeping your site load down and responsive for the people you want to view your site.
Photo of a door chain
Set up two-factor authentication
Two-factor authentication is a fantastic way to keep your site protected. With it, you have an app on your phone that gives you a one-time code to use when logging in. This keeps your login secure against brute force attacks while also giving you added login security. Google Authenticator is a common system used, but you can also try Clef, another plug-in.
Photo of a file cabinet
Maintain good backups
If anything does happen to your WordPress site, it’s a lot easier to restore from a clean backup than it is to try and clean up a corrupted site.
You can back up your site onto your local computer, or to a cloud storage solution. BackWPup is a plug-in that lets you choose what you back up to, whether you want to try Amazon S3, Dropbox, Google Drive, or FTP to another account.
These are some basic steps that can protect your site.
