How to secure WordPress websites and improve WordPress security

by | Oct 5, 2020 | Security, Web


WordPress is a frequent target for hacking attempts. It can be difficult to know how to secure your WordPress website. We thought it might be helpful to write about the best practices we use to secure WordPress websites. 

  1. Use unique, strong passwords for your login. One technique hackers use is to log in to your site with a stolen password, one you’ve used elsewhere. Another technique is to crack a weak password with a bot that repeatedly tries weak password combinations.
  1. Use multifactor authentication on your WordPress login page. Plugins such as “Google Authenticator” will implement this.
  1. Update your installation at least monthly.  This includes updating WordPress itself, all plugins, and any themes you’ve installed.  
  1. Change your login page URL to protect it with misdirection. Bots will try the default WordPress login URL to find your login page. Many people don’t change this link immediately, which threat actors depend on when carrying out an attack. Simply changing this URL to something unique will give them nothing to probe. This is an easy step to complete that will greatly protect you from threats like this. Plugins such as “WPS Hide Login” (https://wordpress.org/plugins/wps-hide-login/) can help make this change easily.
  1. Install a security plugin. Multiple free security plugins exist that will ban IP addresses that repeatedly try to access your login page, or that will change the default login URL for you. Caution: these plugins will also ban you if you’ve forgotten your password and try too many times.
  1. Back up your site. SpireTech backs up our servers nightly, but these backups are not accessible to customers and recovery requires assistance from the Help Desk. WordPress backup plugins usually use local storage, which counts against your disk space quota, and may not back up the entire site. The backups of some server providers, like Plesk, will not use your disk quota, and will back up the entire filesystem, all databases, and, if located on the same server, email as well.

These steps can be just the beginning of a larger project of securing your business. If you want to avoid the headache, SpireTech offers Managed IT Support in the larger Portland area.