7 Non-Technical Ways To Secure A WordPress Website

WordPress has always been one of the most popular choices for CMS-based websites. Its wide popularity is also one of the major reasons it is targeted by fraudsters and attackers. Recent incidents, such as the worldwide Internet slowdown and the incident in which hackers specifically targeted WordPress-based websites across the globe, served as an eye-opener for users. Since then, webmasters have started taking WordPress security very seriously.

However, the sheer number of different suggestions available to webmasters over the Internet makes it difficult for non-technical website owners to choose what’s right for them. This article was written to make that choice simple and easy. It explains 7 simple ways to secure any WordPress site which is under your control. And what’s more, you don’t need to possess any special technical skills. By making use of these simple techniques, anyone can safeguard a WordPress website.

Securing a website over the web means everything. It is your identity over the web, your bread-and-butter. Indeed, if your website is hacked or intruded upon by some fraudster, you may suffer major consequences, especially if it’s a website where you run your online business. These consequences include losing your reputation, losing confidential customer data and even facing downtime. Thus, protecting your website from every possible known threat is always easier than cleaning things up later.

Before we proceed with the following simple ways to enhance the security of your website and protect it from hacks and attacks, it is important to remember that hackers and fraudsters are constantly on the trail of weaknesses and vulnerabilities in a website’s code or installed plugins. This is backed up by the current statistics of websites powered by WordPress worldwide.

1. Get the latest WordPress version

WordPress frequently releases improvements to its code, be it bug fixes or security enhancements, so it’s important to have the latest copy of WordPress installed on your website. If you are someone who does not access the administration area of your website regularly, you should make it a point to check for any updates at least once every 30 days. This can be one of the most crucial steps to take in terms of securing your website. Likewise, if you have a friend or anyone who takes care of your website, ask them to take care of this, as updates may sometimes cause conflicts with some plugins that you have installed for enhancing performance.

2. WordPress plugins are a blessing as well as a curse, so get the latest version of plugins installed

You’d find tons of plugins designed for WordPress by third-party developers. This is one of the most vulnerable aspects of WordPress security. Therefore, you should only install WordPress plugins from trusted sources. Plugins that haven’t been updated for years tend to have no active support available for them. So, it’s better to remove and replace them. You’d usually find multiple alternatives for any particular plugin, so this shouldn’t be a problem.

3. Monitor your server logs

This might seem a difficult task for non-technical individuals. But monitoring the server that runs your WordPress site can help you tame likely threats much before disaster strikes. In particular, logs hold every detail about visitors to your website, be it a bot, human (computer IP address) or anything else. Thus, if you find an unusual IP that has tried to access certain areas of your site, you can inform your developer or web host to investigate. If it’s an attacker trying to breach your system, your host can always block him over the server thereby protecting your website from any damage.
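As an added example (not part of the original article), the sketch below shows what spotting an unusual IP in the logs can look like: it counts POST requests to the WordPress login endpoints per address. The log lines are constructed samples in Common Log Format with documentation-range IPs, and the threshold of 3 is an assumption.

```python
import re
from collections import Counter

# Common/Combined Log Format: ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)

# Endpoints that accept WordPress credentials.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")


def suspicious_ips(lines, threshold=3):
    """Return {ip: count} for IPs that POSTed to a login endpoint
    at least `threshold` times (threshold is an assumed value)."""
    posts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # not an access-log line in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if m.group("method") == "POST" and path in LOGIN_PATHS:
            posts[m.group("ip")] += 1
    return {ip: n for ip, n in posts.items() if n >= threshold}


# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.23 - - [11/Sep/2013:07:38:01 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.23 - - [11/Sep/2013:07:38:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2840
192.0.2.10 - - [11/Sep/2013:07:40:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [11/Sep/2013:07:41:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [11/Sep/2013:07:41:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [11/Sep/2013:07:41:02 +0000] "POST /wp-login.php?x=1 HTTP/1.1" 200 3120
203.0.113.7 - - [11/Sep/2013:07:41:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [11/Sep/2013:07:41:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
this line is truncated or malformed
""".splitlines()

if __name__ == "__main__":
    for ip, n in sorted(suspicious_ips(SAMPLE_LOG).items()):
        print(f"{ip}: {n} login POSTs - report this address to your host")
```

A single login by the site owner (one POST answered with a 302 redirect) stays below the threshold, while the address that submits the login form repeatedly is the one to pass on to your developer or host.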

4. Delete the default ‘Admin’ User from WordPress

After WordPress is newly installed on a domain, it creates a user named ‘Admin’ by default. During recent attacks targeted towards WordPress sites, hackers specifically hunted down the sites that had such a username. Why? Because a typical WordPress user gets administrative privilege by default. So, if a hacker does manage to guess the password, he can have full control of your website. To avoid this problem, it is important to create a new user for your website and assign administrative access to it. Once you’ve done that, simply delete the default admin user. Find out more about it here: en.support.wordpress.com/deleting-accounts/

5. Monitor changes made to files

It’s useful to have a monitoring system in place which can track any changes made to your files. A plugin such as CodeGuard can send you notifications by email, which helps you keep track of every edit made to your files and avoid the possibility of some random person fiddling with your website.

6. Have a strong password policy

Having a strong password which is difficult to guess is important, everyone knows that. But when asked about what a strong password is, not many would have a convincing answer. However, an ideally strong password would be a combination of upper-lower case, alphanumeric and special characters. Furthermore, in order to keep your website secure it’s a good practice to switch to a new password every six months.

7. Hosting- and server-level security

Your web hosting platform also plays a crucial part in maintaining the security of your website. If you have your site hosted on a dedicated server this may not be relevant to you, but if your site is hosted on a shared server you need to take security very seriously. In particular, if your host isn’t stringent with its security policies, there’s quite a possibility that someone has already barged into the server and one of your neighboring websites has already been compromised. In addition, chances are that the same attacker/hacker may try to gain access to your site too. Therefore, you should consider one of the following factors with your host to ensure security:

  • Confirm the version of your web server and software programs running on the server. Ensure it is the latest version available.
  • Have a server-level firewall.
  • Prevent access to your server from insecure networks such as public WiFi zones.
  • Have a different database with a distinct name for every WordPress installation.
  • Make regular and mandatory backups of your website and files.
  • Restrict access to the site’s admin area, i.e. wp-admin. To read more about the process, visit: restricting access to wp-admin.

From a security stand-point, here are a couple of plugins which can help you keep your WordPress-based website secure:

  • Better WP Security (FREE): Installing this plugin can help you take care of most aspects of WordPress Security. You may even consider it as an all-in-one security solution.
  • Limit Login Attempts (FREE): As the name suggests, this plugin helps you limit the number of unsuccessful login attempts made on your site.
  • Akismet (PAID): This plugin would be well-known to most WordPress users. It’s an excellent tool that prevents spam from reaching your website.
  • CodeGuard (PAID): This is a great automatic backup service that lets you easily roll back your website if you ever do get hacked.
  • CloudFlare (PAID and FREE): This is more than just a CDN. CloudFlare also has its own security features in place, which one can benefit from.
  • Google Authenticator (FREE): This is a two-factor authentication for WordPress. It’s free.

Have A Safe Online Venture!

Written By

Barb is associated with WHUK, a web hosting service provider since 2001, as a Business Development Manager. She has a unique interest in Web Server Technology, Internet Security, SEO and Google Algorithmic Trends.

19 Comments

  1. alan

    September 11, 2013 at 7:38 am

    Nice tips Barbara. I am a newbie in the blogosphere. I don’t have any idea how we can change default user name “admin” to some other user name. If you know, please share it with us.

    • Barb

      September 12, 2013 at 7:50 am

      Thanks for appreciating the efforts Alan. With reference to your question, I’d suggest you to refer point no. 4 which explains about the creation of a NEW USER account and assigning him the administrative privileges. Once you’ve done that, you may either delete the default ‘admin’ account or change its privileges to subscriber.

      You can go this path to find the appropriate section in WP Dashboard >>> Users [You’d find it at the left side bar after you login to the admin area]

      @Rajeev : The latest version of WordPress does have the functionality of monitoring file changes and can be found under the revisions section under each article. So that saves you from adding any plugin for that reason 😉

  2. Robert Davis

    September 11, 2013 at 3:07 pm

    I would also recommend hiding your WP version.

  3. Sanjeev Singh

    September 11, 2013 at 5:59 pm

    Hello Barbara
    I have done all the points you have written in this article. But one point, which is Monitor changes made to files, is not understandable by me. So can you explain this topic for me? And please don’t say to install a plugin, as I am already using 10 plugins and I do not want to install more plugins.
    Thanks regards
    Sanjeev Singh

  4. Barb

    September 12, 2013 at 10:40 pm

    There are actually a lot of WP plugins to secure a WordPress site. I’ve noticed a lot of attempted logins to my sites, usually when I rank for my keywords. I believe once your site is on top, some competitors would really try by all means to bring you down. Keep safe!

  5. Tushar

    September 14, 2013 at 4:24 pm

    All the steps you mentioned are required for protecting a blog from various attacks. The first step to protect a blog would be strong passwords – a combination of symbols, capital letter and numbers are the best thing to make it almost impossible to hack.
    There are many plugins as well that can help bloggers in protecting their blogs but if you know how to do it manually there is no need of any security plugins.

  6. Prakash

    September 14, 2013 at 4:24 pm

    I recently have had a few sites of mine hacked, so these tips are great advice. I am using wordfence as well and that is great for stopping hackers try to get in also.

    I have invested in an Australian hosting company too, and their security is impeccable.

  7. Gautam

    September 15, 2013 at 2:29 pm

    The biggest mistake that one ever commits is using admin as their username, and it makes security vulnerable and their site can be hacked easily then.

  8. Alon

    September 17, 2013 at 12:49 am

    These points are very informative and depend on requirement for providing security from various attacks. I am a new user, so I have no idea about blogger security and how the default admin name can be changed. Thanks for sharing the idea with us…

  9. Samantha Vermillion

    September 17, 2013 at 1:30 pm

    Deleting default admin user is a great suggestion, in bruteforce attacks, it is the most targeted username.

  10. Gautham Nekkanti

    September 17, 2013 at 1:38 pm

    Yes, I agree with you. Plugins must be up to date always. Take the example of the timthumb script, which has an exploit.

  11. Meridith

    September 27, 2013 at 2:08 pm

    I’m new to the world of blogging, but it seems to me like these tips would be good for any site, not just wordpress users. Thanks for the great advice

  12. Rohit Dubey

    October 2, 2013 at 9:20 pm

    The ways suggested by you were good and your post was worth reading.
    I liked all your ways.
    Thanks..!!

  13. Salman

    October 31, 2013 at 3:31 pm

    Nice share Barbara…

    I wasn’t aware that Google Authenticator plugin for WP exists! Would definitely try it!

  14. manohar

    July 30, 2014 at 2:25 pm

    I would recommend blocking certain IP addresses through the htaccess file.

  15. Sharon

    December 4, 2014 at 4:49 pm

    Thanks for the tips about WordPress security. I am very much worried about my site that is being hacked continuously by someone and I want to secure it at any cost 🙁

  16. shahzad

    March 21, 2015 at 10:54 am

    I was really worried about the security of my WordPress blog when I read your article, so I solved my problem. Thanks for giving us such nice information, keep it up.

  17. Sarah Gondal

    June 12, 2015 at 5:31 pm

    It’s really hard to secure a WordPress website. Your article gives me some good information.

  18. Fiana

    June 23, 2016 at 5:07 am

    Thanks for sharing this information
