WordPress security needs to remain at the top of your mind. Enterprise businesses relying on it to fuel their content marketing should pay attention. About 58.7% of all websites with a content management system are running on WordPress. These owners may not be aware of the platform’s vulnerabilities.
You cannot afford to think about security after a hack happens.
7 ways to lock down your business website
1. Choose a VPS over shared or managed hosting
Leave shared hosting as soon as you possibly can. This is the number one reason why your website is vulnerable. You are on a block with hundreds of other accounts. It is likely that one of these websites will come under attack. The infection will then spread to the others which share the same space.
There are many options for those looking to move to a virtual private server (VPS). The easiest is to spin up a server on a service like DigitalOcean, Amazon, or Bitnami.
If those options feel out of your depth, then choose a top-rated host.
2. Install the right plugins
You should have a standard set of plugins which you install on every instance of WordPress you run. One way to manage this is through a service like wpcore.com. Here is a short list of a few favorites.
3. Hardening WordPress
Make sure you are following the standard practices set out by Automattic. The WordPress Codex covers ways to secure your installation in detail. Use this document as a checklist and go over your settings. In particular, focus on your file permissions and on restricting access to your database.
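The file-permission check from this step, as an added example that is not part of the original article: a shell function that flags entries looser than an assumed baseline of directories 755 or 750, files 644 or 640, and no access for other users on wp-config.php. The function name and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress install for risky file permissions.
# Assumed baseline: directories 755/750, files 644/640, and no permission
# bits for "other" on wp-config.php. Pass your own install path as $1.

wp_perm_audit() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "ERROR not a directory: $root"
        return 2
    fi

    findings=$(
        # Anything writable by "other" can be altered by every account on the host.
        find "$root" \( -type f -o -type d \) -perm -0002 | sed 's/^/WORLD_WRITABLE /'

        # Files writable by group exceed the 644/640 baseline.
        find "$root" -type f -perm -0020 | sed 's/^/GROUP_WRITABLE /'

        # wp-config.php holds the database credentials: "other" gets no bits at all.
        find "$root" -maxdepth 1 -name wp-config.php -type f \
            \( -perm -0004 -o -perm -0002 -o -perm -0001 \) | sed 's/^/CONFIG_EXPOSED /'
    )

    # One finding per line; exit status 1 tells a cron job or CI step to alert.
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "OK $root"
    return 0
}
```

Run it against the document root after every plugin or theme install, since installers and manual uploads are a common source of loosened modes.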
Consider learning how to use SSH keys to log onto your server instead of using passwords.
4. Use two-factor authentication
You have no excuse here if you have a smartphone. Passwords are a vulnerability. Two-factor authentication will reduce your risk of a blog takeover. There are two ways to do this on WordPress.
5. Back Up All the Things
Get used to backing up your WordPress blog frequently! You should do this anytime you make a change which could cause the white screen of death. That includes altering your theme files, adding new plugins, or performing an update.
But this step is not as simple as it appears. Here are all the things which you need to save.
- Media uploads folder
- WordPress entries
- Plugin files
- Theme files
- WordPress database
These are the items which are always undergoing changes. Thankfully, there are solutions which help. Automattic provides a service, VaultPress, which will do all this for you. ManageWP is another popular option with added benefits if you manage many WordPress websites.
These next two options are for advanced users. Make sure to back up your WordPress files before editing them.
6. Edit your .htaccess
The .htaccess file is more useful than you think. There are plenty of snippets which will prevent malicious visitors from editing your files. Here are a few common suggestions which will improve your security right away.
7. Use the right wp-config settings
Lastly, there are a few best practices for the wp-config file. You probably haven’t taken a look at it since you first installed WordPress. You should update and make sure the file is secure. Heed the warning about changing your database prefix. Only do this through the use of a helper plugin and back things up first!
WordPress Security begins by attending to vulnerabilities
WordPress security is not difficult, but its many moving parts make it complex. Make sure that you have a backup before you make edits on your important files. Keep WordPress updated so that you have all the latest security patches.