Improving the security of your WordPress website

Improving WordPress website security is a lot like increasing the security of your house. It’s all about putting up fences and gates, putting locks on doors and windows and installing an alarm to let us know when something is going down. It’s also about making sure that those fences look good and don’t stop you getting into your own home. However, not many people know what goes into improving website security.

WordPress powers ~30% of the internet

Websites built with WordPress now power roughly 30% of the internet. 30% is a very big slice of the pie and an appealing one for hackers, and hackers are definitely out there. I don’t understand the hacker mindset myself, but this is life on the internet nowadays.

According to recent statistics from Wordfence, a WordPress security provider:

Most of the attacks that we see on WordPress sites originate from compromised servers. About 25 million attacks per day are brute force login attacks. Another 3 to 5 million are what we refer to as ‘complex’ attacks which try to exploit a security vulnerability in your WordPress website.

In February [2017], the top 25 attacking IP addresses alone generated over 80 million attacks during the month.

Hackers are not looking for a long battle to gain access to a website. They specifically go after WordPress websites that are vulnerable because of security holes.

What simple changes can you make to improve WordPress website security?

There are simple things you can do to reduce the threat to your website, and most are just plain common sense.

  • Use a strong password to get into the dashboard of your WordPress website. Read our post on generating safe passwords if you are not sure what a strong password looks like.
  • Log out of the Dashboard when you have finished the changes you are making.
  • Don’t give out your login details to others. If others need to work on your website, it is better that they are given their own login details with privileges appropriate for the changes they need to make.
  • Remove old users who no longer need access to the website.
  • Keep your computer up-to-date and virus free. Sometimes hackers can gain access to your site due to security vulnerabilities on your computer, so install software patches when they are released.

What does Avoca Web Design do to protect our hosted WordPress websites?

We are proactive and constantly working to stay ahead of the game to keep websites on our website care plans safe. We have a number of WordPress-specific security measures in place:

  • Use high quality hosting: We could have all the latest security tricks but if we don’t use a good hosting provider, our efforts aren’t going to matter all that much.
  • Extra Security layers: We use several security layers on our websites. These include Cloudflare, WordPress security plugins and .htaccess rules.
  • Limit logins: The brute force attack is tactic No.1 for hackers. We limit the number of times a person from a specific IP can attempt to log in within a certain period of time.
  • Keep WordPress up-to-date: Something so simple can have a big impact on site security. Information about any security holes in previous WordPress versions is now available to the public. This means an out-of-date site is all the more vulnerable. We have a system that monitors all our websites for updates so it is easy to keep an eye out for any changes.
  • Keep plugins and themes up-to-date: Just as you update the WordPress Core regularly, you should also update plugins and themes. Each plugin and theme installed on your site is like a backdoor into your site’s admin. Unless properly secured (vetted thoroughly, updated regularly, etc.), plugins and themes are like an open door to your personal info.
  • Delete any unused plugins or themes.
  • High quality plugins and themes from well-known sources. Careful research of all the plugins that we use in website development leads to better security outcomes.
  • We use unique login usernames and strong passwords. A password that can’t easily be guessed or brute force cracked is essential.
  • We back up our websites regularly. Scheduled backups are an essential part of any website’s security strategy because they ensure that if a website is compromised, we’ll be able to restore it to a version prior to the damage with ease.
  • SSL Certificates: to allow secure connections from a web server to a browser. We are in the process of switching all our sites to HTTPS.
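
The per-IP login limit described in the list above can be checked against a web server access log. The following Python code is an added example, not Avoca Web Design's own code: it assumes the Apache/nginx combined log format and a hypothetical policy of 5 login attempts per IP per 10 minutes, and it runs on a constructed sample log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed policy values (not from the article): 5 attempts per 10 minutes per IP.
MAX_ATTEMPTS = 5
WINDOW_SECONDS = 600

# Matches the common/combined access log format written by Apache and nginx.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def login_attempts(lines):
    """Yield (ip, timestamp) for every POST to wp-login.php."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def over_limit(lines, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
    """Return {ip: attempts that a per-IP sliding-window limit would refuse}."""
    recent = defaultdict(deque)   # ip -> timestamps of accepted attempts in the window
    refused = defaultdict(int)
    for ip, ts in login_attempts(lines):
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() >= window:
            q.popleft()           # drop attempts that have aged out of the window
        if len(q) >= max_attempts:
            refused[ip] += 1      # limit reached: this attempt would be refused
        else:
            q.append(ts)
    return dict(refused)

# Constructed sample log using documentation-range IPs, not real traffic.
SAMPLE = [
    f'203.0.113.7 - - [01/Mar/2017:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 1800'
    for s in range(0, 40, 5)      # 8 attempts within 40 seconds
] + [
    '198.51.100.4 - - [01/Mar/2017:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.4 - - [01/Mar/2017:10:00:09 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Mar/2017:10:15:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1800',
]

if __name__ == "__main__":
    print(over_limit(SAMPLE))
```

On the sample, the single login from 198.51.100.4 passes, and the later attempt from 203.0.113.7 is accepted again because the earlier ones have left the 10-minute window.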

Want some help?

All these security measures are included in our website care plans, so our existing website care customers are well protected. If you want to talk to us about looking after your WordPress website then get in touch today.

 
