Major cyberattacks have been at the forefront of the media lately, and it’s got us thinking about WordPress site security.
Luckily, making a few small changes to your site can have a big impact on how secure it is.
A few weeks ago we gave you the first two of our seven WordPress site security steps. We know you’ve been itching for the final five, so without further ado…
3. Change your admin login URL
During installation, WordPress sets the admin URL to its default – either wp-admin.php or wp-login.php. Many people don’t bother changing it from this default.
Changing the URL to something more difficult to guess is a simple way to protect against brute force attacks.
Brute force attacks are the most common type of website security breach. Automated software will exhaustively ‘guess’ login credentials until it hits the right combination.
A brute force attack would need to correctly guess your username, password and login URL to succeed. Having a custom URL makes things significantly harder for the attackers.
4. Have a login limit
Putting a limit on the accepted number of login attempts is another easy way to prevent brute force attacks.
The WP Limit Login Attempts plugin will temporarily block any IP address that crosses the threshold of incorrect login attempts.
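How a threshold-based lockout of this kind works, as an added example that is not the plugin's own code: failed logins are counted per IP address within a time window, and crossing the threshold triggers a temporary block. The class and function names, the threshold values and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed settings for illustration, not the plugin's defaults.
MAX_FAILURES = 3       # failed attempts allowed inside the window
WINDOW_SECONDS = 300   # only failures from the last 5 minutes count
LOCKOUT_SECONDS = 900  # length of the temporary block


class LoginLimiter:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time the block expires

    def is_blocked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            del self.locked_until[ip]       # the lockout has expired
            return False
        return until is not None

    def record(self, ip, success, now):
        """Process one login attempt; return 'blocked', 'ok' or 'failed'."""
        if self.is_blocked(ip, now):
            return "blocked"                # rejected before credentials are checked
        if success:
            self.failures.pop(ip, None)     # a good login clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"


# Constructed sample events: (time in seconds, client IP, login succeeded?)
EVENTS = [
    (0, "203.0.113.5", False), (10, "203.0.113.5", False),
    (20, "198.51.100.7", False), (30, "203.0.113.5", False),
    (40, "203.0.113.5", True),    # right password, but the IP is locked out
    (50, "198.51.100.7", True), (1000, "203.0.113.5", True),
]


def replay(events):
    limiter = LoginLimiter()
    return [limiter.record(ip, ok, t) for t, ip, ok in events]
```

Replaying the sample events shows the key behaviour: once an address is locked out, even a correct password is refused until the block expires, while other addresses are unaffected.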
5. Switch to HTTPS
A man-in-the-middle (MITM) attack is where an ‘eavesdropper’ – for example, a malicious router offering free public wifi – intercepts and controls the communication between two parties.
You can protect against MITM attacks by switching your website from insecure HTTP to secure HTTPS using an SSL certificate. This enables a secure connection between the web server and browser.
On top of the security benefits, Google announced HTTPS as a ranking signal in 2014, and has begun indexing secure pages before unsecured pages. Better security and better SEO? Sounds like a good idea to us.
6. Stay updated
Using an outdated version of WordPress or out-of-date plugins leaves your website vulnerable to hackers.
Make sure you’re using the most up-to-date version of WordPress, and keep your plugins updated too. Lots of plugins have an option to automatically update, so consider enabling this to keep your site secure.
7. Back up regularly
Hopefully these steps will lower the risk of your site getting hacked. But if it does happen, you want to be able to pick yourself back up as easily as possible.
The best way to ensure you can is to regularly back up your site. That way, you’ll be able to restore your site from a previous version if you need to. There are plenty of backup plugins available to help you do this.
WordPress site security: a summary
It’s all too easy to be complacent – but the results of an attack could be at best annoying and at worst devastating.
Making a few simple changes to your WordPress site could vastly improve its security, so take the time to give it a review as soon as you can.
If you’d like to know more about WordPress site security, give us a call – we’d be glad to help out.