WordPress Security Guide
Why is WordPress security important?
Did you know that 46% of UK businesses faced a cyber-attack in 2019 and 2020?
And the stats are even more shocking if you own a WordPress site. Due to the sheer number of WordPress users, hackers see WordPress as a pool of opportunity. In fact, Sucuri confirmed that in 2021 alone, over 65,000 websites scanned by SiteCheck were found to have WordPress-related vulnerabilities. For this reason, it is more important than ever to pay close attention to your WordPress security.
Therefore, I’ve put together this blog on how to improve your WordPress security – and how to stay one step ahead of the hackers.
So, what causes WordPress hacks?
Shockingly, having a super safe and secure password isn’t enough to keep the bad guys at bay. According to Wordfence, the most common way hackers enter WordPress sites is actually through vulnerable plugins. Surprising? Check the top-ten list of hacker entry points:
- Plugins
- Brute force
- WordPress core
- The theme
- WordPress host
- File permissions
- Old files
- Password theft
- Workstation
- Phishing
Weirdly enough, the only factors we can directly control against hackers are file permissions, old files and password theft. All of the other seven causes seem pretty much out of our control, right?
For example, if we download a trusted plugin or use a popular WordPress theme, surely we can’t prevent hackers, as it is out of our control? Right?
Well, not exactly. There are simple ways to remain diligent against hackers online, including those which seem out of our control. Check them out below:
Plain and simple ways to avoid hackers
Downloading the suspicious
Downloads, aka the cyber-criminal’s gateway to opportunity. You’ll see in the above top-ten list of hacker entry points that hackers use access points like plugins, themes and files.
So, a way to avoid the worst is to only download content from trusted and reliable sites. Of course, criminals might still be able to hack trustworthy and secure downloads. But this way you’ll be making it harder for them to do so.
Passwords
It seems obvious. But 66% of people only use 1-2 different passwords for all of their accounts. If you’re doing this, you’re committing a cardinal sin. You may be willingly making it easier for hackers to attack your website and content.
So, here are some basic ways to protect your passwords:
- Use a secure password with numbers, capitals and symbols
- Use a password generator
- Don’t forget to update your passwords
- Save all of your passwords in a protected password manager.
Usernames
Using a weak username may give hackers the gateway to a world of information. Your username might help cybercriminals to build an online profile about you, including things like your groups, website and even your browser history. Wow.
Just like password protection, you should never overlook the importance of having a secure username.
Alison Rothwell
Alison is the Director and Founder of WP Fiddly Bits, the WordPress Website Maintenance experts, and contributes to the WP Fiddly Bits WordPress blog. She also uses her background in marketing to help clients get found everywhere online.