Open Mon - Fri 09:00-16:30

Security Basics for WordPress Websites

WordPress is a website platform that is used by over 53% of websites on the internet. With popularity comes security issues. On a day to day basis your WordPress website could have thousands of hacking attempts, but don’t let this put you off using WordPress. We have put together a list of basic security tweaks you can do to secure your website.

  1. Admin Username
    • The default username of WordPress is set to “admin”, using this username makes it one step easier for hackers to gain entry to your website. Change this username immediately.
  2. Admin Password
    • Creating strong passwords is necessary to make sure that your credentials are secure against attacks such as Brute Force attacks. Make sure to use a combination of numbers, letters (uppercase and lowercase) and special characters. A good example of a secure password would be: C3a#3U(&#([email protected]#ksa
  3. Updating WordPress
    • One of the most important security best practices a website owner can follow is making sure your website is up-to-date. That includes the WordPress version, plugins and themes. Many WordPress users update the core WordPress version and forget about the plugins and themes. These are essential to keeping a website secure and patched with fixes to known vulnerabilities. If you need assistance with updating your WordPress website, get in touch with us today.
  4. Change Admin URL
    • The standard URL to WordPress’s admin is /wp-admin or /wp-login. To make things more difficult for would-be hackers, update this URL to a different path. One step further would be to block any IP address that tries to access the original URL.
  5. Disable Login Error Messages
    • WordPress by default will show a message as to why your login failed. This is great for users to understand what went wrong but is also a great way for hackers to identify if usernames or email addresses exist in your users table. By hiding these messages, it makes identifying failed logins or users more difficult.
  6. Secure Directories
    • Hackers will always attempt to browse directories on your website server for files that have vulnerabilities or incorrect permissions. By disabling the browsing of your directories you can block this vulnerability. Ask your website hosting company to block this or contact us for assistance.
  7. Two-Factor Authentication
    • Two-Factor Authentication is a great method to blocking attacks that arise from user login credentials. By using this method you can mitigate risks quickly and effectively. So what is Two-Factor Authentication? No different to your login for online banking when the bank sends you a one time pin to confirm you are who you say you are. This is known as Two-Factor Authentication, it relies on your login username and password as well as a second credential to authenticate you.
  8. Plugins
    • Plugins are great for quickly implementing desired functionality, but this can also open up security vectors. Plugins are written by developers with different skill levels, if a developer creates a plugin that is written poorly and does not follow security best practices, the moment you install this plugin to your website you are open to the same vulnerability. Make sure to download plugins from reputable WordPress developers.

Understanding WordPress’s security will help you to keep your website and customers safe from malicious scripts.