WordPress is considered one of the most reliable website hosting platforms because the software at its core is kept secure by developers who are among the best in their field.
But like anything online, it can be hacked. Unlike provider-hosted platforms like Wix or Clickfunnels, nobody else is responsible for your security or for taking backups. That falls solely on you.
And don't think it won't happen to you. It has happened many times to my local business websites over the years. There's nothing worse than having your customers find a page like this, potentially costing tens of thousands of dollars in missed revenue.
That's why I go to great lengths to make sure my companies' websites are secured and backups are ready to be deployed quickly.
Here's what I do!
Never Use “admin” as Your User Name
Some would suggest changing the default login URL, which is usually “wp-admin” appended to the end of your website URL. This also increases the security of your website by making it harder for hackers to access your login page. However, many people are still able to get by with this URL as long as the default username “admin” is changed.
The URL is convenient for when you have multiple people accessing your site and logging in. However, there’s no excuse not to change the username for the main person handling the site because it gives hackers less information to try and guess.
Many WordPress attacks are 'brute force', meaning that they just try as many passwords as possible, typically with 'admin' as the username. By changing your username, you'll prevent this.
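One way to spot the brute-force pattern described above in your web server's access log, as an added example that is not the author's own code. It assumes the Apache/Nginx "combined" log format and that login attempts arrive as POST requests to wp-login.php; the sample lines are constructed, and the threshold and window values are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the start of an Apache/Nginx "combined" format access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def _line(ip, hhmmss, method, path, status):
    # Helper that builds one constructed sample line (not real traffic).
    return f'{ip} - - [12/Mar/2024:{hhmmss} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: one address hammering the login form, one ordinary user.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"03:14:{s:02d}", "POST", "/wp-login.php", 200) for s in range(0, 60, 10)]
    + [_line("203.0.113.7", "03:15:05", "POST", "/wp-login.php", 302),
       _line("198.51.100.20", "09:00:00", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "09:00:20", "POST", "/wp-login.php", 302),
       _line("198.51.100.20", "09:00:21", "GET", "/wp-admin/", 200)]
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: details} for IPs with >= threshold failed logins inside any window."""
    failed, ok = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # WordPress redirects (302) after a successful login and re-renders the
        # form (200) after a bad password; anything but 302 is counted as failed.
        (ok if m["status"] == "302" else failed)[m["ip"]].append(ts)
    findings = {}
    for ip, times in failed.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            findings[ip] = {"max_failures_in_window": best,
                            "login_succeeded_after": any(s > times[0] for s in ok[ip])}
    return findings

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

An address flagged with a successful login after the burst deserves the most attention: change that account's password and review what it did.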
Make Your Password Strong
With the first point out of the way, it’s also necessary to create a strong password for every account on your site. A strong password consists of multiple types of characters, which is why some websites require a password that contains at least one capital letter, a number, and a special character.
If you don’t want to create a complicated password of your own, you can use the auto-generated password that contains a random sequence of the above. This would be hard to remember off the top of your head, so make sure you store this password in an encrypted note or a third-party tool or app for keeping passwords and other sensitive information.
Use Premium Themes
Free WordPress themes may look functional and attractive on the surface, but they’re not as secure as paid themes. The latter are coded by professional developers who make sure they satisfy WordPress’ security checks.
Some may also have continued support from the developers, so that you have someone to go to in times of confusion or when something goes wrong. To add to that, paid themes also allow more customization options for you. You’re given access to the full website code and script, and you can edit it to further personalize the theme. In summary, you’ll get more options and features with paid themes. You get what you pay for in the end.
Use a WP Security Plugin
Manually monitoring your website’s security requires daily checks of your website’s code and figuring out where malware could have been written into it. It also takes meticulous attention to detail to notice small changes in functions and design that might be an effect of malware.
Not everyone has the time for that, or is a developer who can understand code and knows how to fix it when something looks wrong. A security plugin then becomes necessary, especially for small business owners who could allot that time to more important things. These are among the security plugins that the WordPress blog actually ranks on top:
- Wordfence Security
- Sucuri Security
- All in One WP Security & Firewall
- iThemes Security
- Bulletproof Security
- Vaultpress
- Shield Security
- Block Bad Queries
Different plugins will have different features. For example, some would offer daily checks and 24/7 support. Others would have different advantages. On top of those, consider going premium with your security plugin to ensure that you’re getting the most out of their service.
Always Keep the Theme & Core Plugins Up to Date
Just because the premium theme and plugins are installed, it doesn’t mean the work stops there. Always keep them updated to the latest version and in sync with each other. When these don’t match and are not working at their most efficient version, it discounts all your efforts in securing your site.
Note: WordPress updates are usually made to fix discovered vulnerabilities.
Take Backups
Many WordPress hosting providers will include backup features, but it’s not wise to put all your trust in that. I use the All-in-One WP Migration plugin, which exports to an offsite storage. In the event that something goes wrong with my site or it gets hacked, I have everything stored elsewhere.
Backups are generally a safety net, for whenever something unexpected and unfortunate happens. Make sure you’re taking backups, even when you’re just beginning and unsure of how long you’ll keep your website for.
Install an SSL Certificate
SSL stands for “Secure Sockets Layer” and an SSL certificate is a necessity for small businesses that take sensitive information from users like credit card numbers, passwords, or anything of the like.
As the data is transmitted to your server, the information is encrypted, which protects your users from security threats and hacks, including from you or anyone that works in your company. Otherwise, the information is just sent as plain text and it can be read as is, which is dangerous if anyone ever hacks into your system without your knowledge.
Consider a Third Party WP Maintenance Support Service
As one of your greatest business assets, your website’s maintenance should be of utmost priority. Consider outsourcing your maintenance and support needs by signing up to a service like GoWP or WP ZEN, two of the most trusted maintenance and support companies.
Depending on the plan you choose, these services could encompass most if not all of the things we mentioned above. Your site is valuable. Small businesses nowadays thrive off of their website. Take the job of securing it seriously. It’s better to prevent the worst before it happens.