WordPress’s wild success (according to w3Techs nearing a 30% market-share) can be attributed to it’s open source licensing, allowing anyone to use or contribute to the code. Unfortunately because of this open source-ness, it is far too often susceptible to hackers with malicious intent.
However this doesn’t always need to be the case, and in fact if properly prepared you can vastly reduce the chances of having your website compromised, below are some ways you can improve your WordPress websites security:
Install the iThemes Security plugin
Seriously, just do it. This plugin offers so many security features it should be included by default in each WordPress install, here’s a rundown of some of the features:
- Limit login attempts
- Website vulnerability scans
- Enforce strong passwords
- Force SSL
- Disable file editing
Don’t use “admin” as your username
When setting up your WordPress website it might be tempting to use something easy to remember as “admin” or “administrator” but when doing this it gives attackers/bots an advantage when trying to guess your login, since this is one of the most common usernames attackers/bots start with.
Disable file editing
This one is extremely easy and can help protect your site immensely if an attacker was able to get into your administration area. By simply adding this code to your wp-config.php file you will disable the file editors for theme and plugin files so they can’t add any malicious code:
Keep plugins, themes, and WordPress up to date
You’d be surprised at how often many people don’t do this, it’s a very simple way to avoid vulnerable code as developers are constantly on the lookout for any ways their code can be compromised and fixing it. Most times attackers take advantage of sites that use older code and quite often developers have released patches for them.
2 Step Authentication
2 step authentication can be extremely helpful when trying to protect your website. Instead of relying on only a single way of proving your identity (with a password), you would utilize one more step before being able to login. Some of these second steps verification processes include sending texts, emails, phone calls, or use custom apps. More information on 2 step authentication is available on the WordPress Codex.
If you have any questions on how else you can improve WordPress security on your website please do not hesitate contact us.