7 Steps To Ensure Your WordPress Security

WordPress is the most popular platform for websites – 34% of the entire internet runs on this platform! And if we count only CMS-built sites, about 60% are built on WordPress. Why? Because it’s a robust, open-source platform which allows endless customisations. WordPress is also very search-friendly in its structure. Plus, unlike some other platforms, you are in complete control of it.

However, many WordPress users don’t understand this platform requires regular ongoing maintenance to keep it bug-free and secure – until it’s too late!

So what can commonly go wrong?

  • Outdated platforms, themes and plugins often compromise your website’s security
  • Outdated plugins can cause compatibility issues, sometimes breaking your entire site
  • Updates are often released to fix security flaws… and not applying them can leave your site vulnerable, since the bad guys know what to look for

According to Wordfence (https://www.wordfence.com/), a WordPress security plugin provider, their product blocked 5,369,498,668 website attacks in the last 30 days.

Our recommended steps for your peace of mind

Step 1

‘Admin’ username

This is possibly the biggest risk to your security… using ‘admin’ as a username. It’s the default username given when creating your site, and the bad guys know it!

Solution: Avoid using ‘admin’ for any user, especially one with administration rights.

Step 2

Login URL

By default, your login URL will be yourdomain.com.au/wp-login.php… and again, the bad guys know it.

Solution: Change your login URL. This can easily be done with the security plugin iThemes Security, which we discuss below in step 7.

Step 3

Login authentication

Two Factor Authentication (2FA) adds a layer of security to your login process, most commonly by sending a time-sensitive code to your email address. Without this code, the login process will not continue.

Solution: Install a plugin like Two Factor Authentication (https://en-au.wordpress.org/plugins/two-factor-authentication/) or Google Authenticator (https://wordpress.org/plugins/miniorange-2-factor-authentication/).

Step 4

Using a strong password

How secure are your passwords? Did you know there are programs designed to run automatically that attempt website logins using infinite combinations of passwords?

This is the test result of a client password that was recently shared with me…

[Image: password checker result]

That should scare you!

Solution: Create a password with at least 16 characters and have a random combination of letters, numbers and symbols. And test your password with a password checker like How Secure Is My Password (https://howsecureismypassword.net/)
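To see the automated login attempts described in Steps 2 and 4 on your own site, the following added example (not part of the original article) counts login POSTs per client in a web server access log. It assumes an Apache/Nginx "combined" log format and WordPress's default login responses; the sample log lines and the `LOGIN_PATH` variable are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: "combined" access log format, default WordPress login behaviour.

# Change this if Step 2 moved the login URL away from the default.
LOGIN_PATH=${LOGIN_PATH:-/wp-login.php}

# Constructed sample traffic (documentation IP ranges, not real data).
sample_log() {
  i=1
  while [ "$i" -le 5 ]; do
    printf '%s - - [10/Mar/2024:02:14:0%s +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "-"\n' \
      203.0.113.7 "$i"
    i=$((i + 1))
  done
  cat <<'EOF'
198.51.100.20 - - [10/Mar/2024:09:30:12 +0000] "GET /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:09:30:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Mar/2024:09:31:02 +0000] "GET / HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
EOF
}

# Reads log lines on stdin and prints "posts failed ip" for every client
# with at least $1 login POSTs, busiest first.
# By default a 200 reply to a login POST means the form was shown again
# (failed login); a 302 redirect means the login succeeded.
login_offenders() {
  awk -v min="$1" -v path="$LOGIN_PATH" '
    $6 == "\"POST" && ($7 == path || index($7, path "?") == 1) {
      posts[$1]++
      if ($9 == 200) failed[$1]++
    }
    END {
      for (ip in posts)
        if (posts[ip] >= min) print posts[ip], failed[ip] + 0, ip
    }' | sort -rn
}

# Demo on the constructed sample; on a real server pipe in the access log.
sample_log | login_offenders 5
```

A client with many POSTs and an equal number of failures is guessing passwords; a single POST answered with a redirect is a normal login.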

Step 5

Backup your website

There are two types of backups that you can run – full backup (which backs up your entire site) and incremental (backs up changes that have been made since the previous backup). The frequency of your backups depends on how often your site has new content. If you have a static site with new content being added once a month or so, then a monthly backup is fine. Alternatively, if you are adding content multiple times each week, then a daily backup is recommended.

Think of it this way… how much data can you afford to lose?

[IMPORTANT] Always store your backups offsite! Preferably in the cloud.

Having a backup of your site will enable you to get it back online fast if any of the following occur:

  • If your server hard drive or other hardware fails;
  • If your site is compromised by malware;
  • If a site user accidentally removes core files; or
  • If you lose access to your website.

It’s wise to not rely solely on your hosting company for backup access and recovery.

Solution: Install a WordPress plugin like UpdraftPlus (https://en-au.wordpress.org/plugins/updraftplus/) or Backup Buddy (https://ithemes.com/purchase/backupbuddy/) and schedule your offsite backups.

Step 6

Keep WordPress Up-To-Date

There are three areas within WordPress to maintain your updates: the core platform, your theme and your plugins.

So what can commonly go wrong?

  • Outdated platforms, themes and plugins often compromise your website’s security
  • Outdated plugins can cause compatibility issues, sometimes breaking your entire site
  • Updates are often released to fix security flaws… but not updating can leave your site vulnerable, since the bad guys know what to look for

[SIDE NOTE] Delete plugins that are not active and are no longer required.

What can happen when your website is hacked? Here are two examples of clients’ sites…

Example #1: The client’s site was taken over with ISIS propaganda. Their pleasant-looking pages, with loads of useful business-based content, suddenly became a black screen filled with hate speech.

Example #2: Spam content was installed on the client’s site. While this had no direct bearing on the look and feel of the site for visitors, had it stayed in place long enough, Google could have found it and blacklisted their site, i.e. removed it from the index.

Solution: Run all WordPress updates on a regular basis, i.e. two to three times a week.
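The checks from Step 1 and Step 6 can be run from the command line instead of clicking through the dashboard. This is an added example, not part of the original article; it assumes WP-CLI (the `wp` command) is installed and the script is run from the WordPress root directory, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: WP-CLI ("wp") is installed; run from the WordPress root.

# Step 1: accounts whose login name is literally "admin" (any letter case).
admin_logins() {
  wp user list --field=user_login | grep -ix 'admin'
}

# Step 6: core, plugin and theme updates that have not been applied yet.
pending_updates() {
  # Keep only version-number lines; any "no update" status text is dropped.
  wp core check-update --field=version | grep -E '^[0-9]+\.[0-9]+' | sed 's/^/core /'
  wp plugin list --update=available --field=name | sed 's/^/plugin /'
  wp theme list --update=available --field=name | sed 's/^/theme /'
}

# Side note in Step 6: plugins that are installed but not active.
inactive_plugins() {
  wp plugin list --status=inactive --field=name
}

# Prints one FINDING line per issue; returns 1 if anything was found.
audit_site() {
  out=$(
    admin_logins | sed 's/^/FINDING: default admin login name in use: /'
    pending_updates | sed 's/^/FINDING: update not applied: /'
    inactive_plugins | sed 's/^/FINDING: inactive plugin still installed: /'
  )
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Run the audit only when asked, e.g.:  sh wp-audit.sh --run
if [ "${1:-}" = "--run" ]; then
  audit_site
fi
```

Because `audit_site` returns a non-zero status when it finds something, it can be scheduled with cron and set to send an email only when there is work to do.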

Step 7

Install A Security Plugin Or Two

WordPress does provide some inbuilt security measures, but they’re nothing compared to the specialised plugins that are available. A top security plugin will include:

  • Active security monitoring
  • Firewalls
  • Malware scanning
  • Blacklist monitoring
  • File scanning
  • Security hardening
  • Post-hack actions
  • Brute force attack protection
  • Notifications for when a security threat is detected

Solution: We use and recommend two security plugins: iThemes Security (https://wordpress.org/plugins/better-wp-security/) and Wordfence (https://wordpress.org/plugins/wordfence/). It’s vital that you maximize the configuration, otherwise they could be as useless as a box of wet matches.

Online Marketing Genies

PO Box 9257
Wynnum Plaza Qld 4178
