8 tips to improve your WordPress website security

With the incidence of cyber attacks on the rise, protecting your WordPress website from hackers must be a priority. There are many easy steps you can take to improve your WordPress website security, we recommend the following, which don’t require any technical expertise:

8 Simple WordPress website security tips

1. Keep up to date

Keep your version of WordPress, plugins, and themes up-to-date. Updates often contain security patches so if you skip them you’re leaving your website vulnerable. Delete plugins or themes that you’re not using.

2. Don’t use admin as a username

Admin is the default name so can easily be guessed by hackers. Pick a user name which is less obvious.

3. Always use strong passwords

Use a combination of letters, numbers, and special characters in your password. This makes it harder for hackers to guess. We often choose a memorable sentence and make a password from that, e.g. “My mother lived at 23 Green Close before she got married” – Mml@23GCb4sgM% – complex password that is relatively straightforward to remember.

4. Use two-factor authentication

Two-factor authentication adds another layer of security to your log-in stage. We use authentication provided by the Google Authenticator app.

5. Limit log-in attempts

Avoid being the victim of a brute force attack (where hackers try to log in to your site over and over until they crack the password) by limiting the number of times a person from a specific IP can attempt to log in within an allotted period of time. We use the iThemes Security Pro plug in for this.

6. Rename your log-in page

There are two default log-in pages for WordPress:

  1. www.yourwebsite.com/wp-admin www.yourwebsite.com/wp-login.php
  2. www.yourwebsite.com/wp-login.php

Using the default makes it easy for hackers to log in to your website. We changed our log in URL via the iThemes Security Pro plug in.

7. Limit user access

Only grant backend access to those who absolutely need it. Assign each user appropriate permissions. Not all users will require ‘Administrator’ access so don’t give it to them by default.

8. Backup your site

Take regular back ups of your site so you can restore it quickly if it is hacked and brought down or compromised.

There are many advantages to having a WordPress website but like any technology, it is vulnerable to cyber criminals. Implement these security measures and help protect your website.