The WordPress team at WordPress.org does a great job of making sure their code and architecture are rock solid. Most of the security issues with WordPress websites are the result of weak passwords, faulty installations, and or poor hosting protocols.
As a small business owner here are a few of the basic things you can do to lock down your WordPress website and project your business.
Do you have a recent backup? if not grab a backup before proceeding.
Now what you have have a backup, Before you do anything else, create a new admin user that does not have the name admin. When you create that new WordPress user use a very strong password. Best case is that you use the crazy long password that WordPress will make for you. Now that you have done that, logout and login as the new user. Now, go to Users in WordPress and delete the account admin. If the admin user has created content wou will promoted by WordPress to delete the content or assign it to an existing user. Assign it to a user.
You just decreased your chance of being hacked by 50%. Most automated hacks do repetitive login attempt with the user name Admin until they guess your password. If you have multiple users on your website, make sure that their Username and Name are not the same. This will stop hackers from guessing at existing user names to try to crack your passwords.
Next, lets harden WordPress by installing a security plugin. There are a number of really good ones but for the sake of this blog let’s focus on All In One WP Security
Go to Plugins > Add New. In the search box type in “All in One WP” the options below should now show the All In One WP Security plugin, click install. when the install is done click Activate. Now in your your left navigation pane in WP Admin find WP Security and click it.
After looking at your dashboard you will notice Critical Feature Status on the right.
When you are done you want all of these green and a minimum security score of 500. This won’t protect you from all hacks but it will protect you from 98% of them. Unless someone with real skills has a real reason to hack your site, you should be safe.
Run thru each of the options in the WP Security menu. Be sure to turn on the firewall, correct file permissions, and if setup user lockouts for bad login attempts. We also like to change the login screen name to a random name. This hides the login screen from would be hackers.
If you do all of this and your hosting company has decent security measure in place and good protocols you should have a worry free WordPress website. Safe from hackers and ready to help your business grow.
If you need help securing your WordPress website or building a new one, please call Seota. 972-737-2830.