7 Non-Technical Ways To Secure A WordPress Website

WordPress has always been one of the most popular choices for CMS-based websites. That popularity is also one of the major reasons it is targeted by fraudsters and attackers. Recent incidents, such as the worldwide Internet slowdown and the campaign in which hackers specifically targeted WordPress-based websites across the globe, were an eye-opener for users. Since then, webmasters have started taking WordPress security very seriously.

However, the sheer number of suggestions available to webmasters over the Internet makes it difficult for non-technical website owners to choose what’s right for them. This article was written to make that choice simple. It explains 7 simple ways to secure any WordPress site that is under your control. And what’s more, you don’t need to possess any special technical skills. By making use of these simple techniques, anyone can safeguard a WordPress website.

Securing a website means everything. It is your identity on the web, your bread and butter. If your website is hacked or intruded upon by some fraudster, you may suffer major consequences, especially if it’s a website where you run your online business. These consequences include losing your reputation, losing confidential customer data and even facing downtime. Protecting your website from every known threat is always easier than cleaning things up later.

Before we proceed with the following simple ways to enhance the security of your website and protect it from hacks and attacks, it is important to remember that hackers and fraudsters are constantly on the lookout for weaknesses and vulnerabilities in a website’s code or installed plugins. This is backed up by the current statistics of websites powered by WordPress worldwide.

1. Get the latest WordPress version

WordPress frequently releases improvements to its code, be it bug fixes or security enhancements, so it’s important to have the latest copy of WordPress installed on your website. If you do not access the administration area of your website regularly, you should make it a point to check for updates at least once every 30 days. This can be one of the most crucial steps to take in terms of securing your website. Likewise, if you have a friend or anyone else who takes care of your website, ask them to take care of this, as updates may sometimes cause conflicts with plugins that you have installed for enhancing performance.

2. WordPress plugins are a blessing as well as a curse, so get the latest version of plugins installed

You’d find tons of plugins designed for WordPress by third-party developers. This is one of the most vulnerable aspects of WordPress security. Therefore, you should only install WordPress plugins from trusted sources. Plugins that haven’t been updated for years tend to have no active support available for them, so it’s better to remove and replace them. You’d usually find multiple alternatives for any particular plugin, so this shouldn’t be a problem.

3. Monitor your server logs

This might seem a difficult task for non-technical individuals. But monitoring the server that runs your WordPress site can help you deal with likely threats well before disaster strikes. In particular, logs hold every detail about visitors to your website, be it a bot, a human (computer IP address) or anything else. Thus, if you find an unusual IP that has tried to access certain areas of your site, you can inform your developer or web host to investigate. If it’s an attacker trying to breach your system, your host can always block them at the server, thereby protecting your website from any damage.
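For a developer or host who wants to automate that check, the following is an added example (not part of the original article) that scans access-log lines for IPs hammering the login form or being refused in admin areas. It assumes the common Apache/Nginx combined log format; the function names, the threshold of 3 and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format, the usual Apache/Nginx access-log layout.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Areas of a WordPress site that ordinary visitors rarely request.
SENSITIVE = ("/wp-login.php", "/xmlrpc.php", "/wp-admin")

def suspicious_ips(lines, max_login_posts=3):
    """Map each client IP worth reporting to the reasons it stands out."""
    login_posts, refused = Counter(), defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                       # not an access-log line; ignore
        path = m["path"].split("?", 1)[0]  # drop the query string
        if not path.startswith(SENSITIVE):
            continue
        if m["method"] == "POST" and path == "/wp-login.php":
            login_posts[m["ip"]] += 1      # one submitted login form
        if m["status"] in ("401", "403"):
            refused[m["ip"]].add(path)     # server refused the request
    report = {}
    for ip, n in login_posts.items():
        if n > max_login_posts:            # assumed threshold, tune per site
            report.setdefault(ip, []).append(f"{n} login attempts")
    for ip, paths in refused.items():
        report.setdefault(ip, []).append("refused: " + ", ".join(sorted(paths)))
    return report

def _hit(ip, sec, method, path, status):
    """Build one constructed log line in combined format."""
    return (f'{ip} - - [10/May/2024:03:14:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')

# Constructed sample log; the addresses are documentation-only ranges.
SAMPLE_LOG = (
    [_hit("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(5)]
    + [_hit("198.51.100.20", 10, "GET", "/", 200),
       _hit("198.51.100.20", 12, "POST", "/wp-login.php", 302),
       _hit("198.51.100.20", 13, "GET", "/wp-admin/", 200),
       _hit("192.0.2.44", 20, "GET", "/xmlrpc.php", 403),
       _hit("192.0.2.44", 21, "GET", "/wp-admin/install.php?step=1", 403)]
)

if __name__ == "__main__":
    for ip, reasons in suspicious_ips(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The addresses it reports are the ones to pass to your developer or web host for investigation or blocking.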

4. Delete the default ‘Admin’ User from WordPress

After WordPress is newly installed on a domain, it creates a user named ‘Admin’ by default. During recent attacks targeted at WordPress sites, hackers specifically hunted down the sites that had such a username. Why? Because such a user typically gets administrative privileges by default. So, if a hacker does manage to guess the password, he can have full control of your website. To avoid this problem, it is important to create a new user for your website and assign administrative access to it. Once you’ve done that, simply delete the default admin user. Find out more about it here: en.support.wordpress.com/deleting-accounts/

5. Monitor changes made to files

It’s useful to have a monitoring system in place that tracks any changes made to your files. A plugin such as CodeGuard can send you notifications by email. This helps you keep track of every edit made to your files, avoiding the possibility of some random person fiddling with your website unnoticed.

6. Have a strong password policy

Having a strong password that is difficult to guess is important; everyone knows that. But when asked what a strong password is, not many would have a convincing answer. An ideally strong password would be a combination of upper- and lower-case, alphanumeric and special characters. Furthermore, in order to keep your website secure, it’s good practice to switch to a new password every six months.

7. Hosting- and server-level security

Your web hosting platform also plays a crucial part in maintaining the security of your website. If you have your site hosted on a dedicated server this may not be relevant to you, but if your site is hosted on a shared server you need to take security very seriously. In particular, if your host isn’t stringent with its security policies, there’s quite a possibility that someone has already barged into the server and one of your neighboring websites has already been compromised. In addition, chances are that the same attacker may try to gain access to your site too. Therefore, you should consider the following factors with your host to ensure security:

  • Confirm the version of your web server and software programs running on the server. Ensure it is the latest version available.
  • Have a server-level firewall.
  • Prevent access to your server from insecure networks such as public WiFi zones.
  • Have a different database with a distinct name for every WordPress installation.
  • Make regular and mandatory backup of your website and files.
  • Restrict access to the site’s admin area, i.e. wp-admin. To read more about the process, visit: restricting access to wp-admin.

From a security stand-point, here are a couple of plugins which can help you keep your WordPress-based website secure:

  • Better WP Security (FREE): Installing this plugin can help you take care of most aspects of WordPress security. You may even consider it an all-in-one security solution.
  • Limit Login Attempts (FREE): As the name suggests, this plugin helps you limit the number of unsuccessful login attempts made on your site.
  • Akismet (PAID): This plugin would be well-known to most WordPress users. It’s an excellent tool that prevents spam from reaching your website.
  • CodeGuard (PAID): This is a great automatic backup service that lets you easily roll back your website if you ever do get hacked.
  • CloudFlare (PAID and FREE): This is more than just a CDN. CloudFlare also has its own security features in place, which one can benefit from.
  • Google Authenticator (FREE): This is two-factor authentication for WordPress. It’s free.

Have A Safe Online Venture!

Barb is associated with WHUK, a web hosting service provider since 2001, as a Business Development Manager. She has a unique interest in Web Server Technology, Internet Security, SEO and Google Algorithmic Trends.

19 Comments

  1. Nice tips Barbara. I am a newbie in the blogosphere. I don’t have any idea how we can change default user name “admin” to some other user name. If you know, please share it with us.

    1. Thanks for appreciating the effort, Alan. With reference to your question, I’d suggest you refer to point no. 4, which explains the creation of a NEW USER account and assigning him the administrative privileges. Once you’ve done that, you may either delete the default ‘admin’ account or change its privileges to subscriber.

      You can follow this path to find the appropriate section in the WP Dashboard >>> Users [You’d find it in the left sidebar after you log in to the admin area]

      @Rajeev : The latest version of WordPress does have the functionality of monitoring file changes and can be found under the revisions section under each article. So that saves you from adding any plugin for that reason 😉

  2. Hello Barbara
    I have done all the points you have written in this article. But one point, Monitor changes made to files, is not understandable by me. So can you explain this topic for me? And please don’t say to install a plugin, as I am already using 10 plugins and I do not want to install more plugins.
    Thanks regards
    Sanjeev Singh

  3. There are actually a lot of WP plugins to secure a WordPress site. I’ve noticed a lot of attempted logins to my sites, usually when I rank for my keywords. I believe once your site is on top, some competitors would really try by all means to bring you down. Keep safe!

  4. All the steps you mentioned are required for protecting a blog from various attacks. The first step to protect a blog would be strong passwords – a combination of symbols, capital letters and numbers is the best thing to make it almost impossible to hack.
    There are many plugins as well that can help bloggers in protecting their blogs but if you know how to do it manually there is no need of any security plugins.

  5. I recently have had a few sites of mine hacked, so these tips are great advice. I am using Wordfence as well, and that is great for stopping hackers trying to get in also.

    I have invested in an Australian hosting company too, and their security is impeccable.

  6. These points are very informative and depend on requirements for providing security from various attacks. I am a new user, so I have no idea about blogger security and how the default admin name can be changed. Thanks for sharing the idea with us…

  7. Thanks for the tips about WordPress security. I am very much worried about my site that is being hacked continuously by someone, and I wanna secure it at any cost 🙁

  8. I was really worried about the security of my WordPress blog when I read your article, so I solved my problem. Thanks for giving us such nice information, keep it up.
