We can’t stress enough the importance of having robust site security. When you’re rushing to meet a deadline, properly securing your WordPress site might not be your biggest priority, so we’ve put together a checklist to make sure you don’t miss any of the essentials.
In a sea of over 2 billion websites, it’s understandable why many people don’t think their site is at risk of being hacked.
And if you’ve never been the victim of an attack, you might not worry about the possibility as much as you probably should.
However, it’s better to have the right protection and not need it, than go without and regret it.
We’ve put together a checklist of 16 steps you might want to take when securing your site – which will hopefully make organizing your security a breeze.
Opt for Secure Hosting
You can take every other step in this article and go above and beyond to harden your site, however, if you’re using cheap, shared hosting, it’s like having a reinforced, ultra-strong, titanium front door – and leaving a key under the doormat.
Without even considering security, shared hosting has enough drawbacks to convince most people to steer clear – but that’s a whole topic in itself. Check out our article on choosing the best type of hosting for your needs for an in-depth look at all of the pros and cons of shared hosting.
Possibly the biggest downside is the lack of security. A vulnerability on someone else’s site could result in the server being compromised and your site coming under attack – through no fault of your own.
Although hosting companies do try and take every precaution to stop malicious attacks like this from spreading, it’s not always possible with shared hosting, as the sites are hosted on the same server.
If you don’t want to worry about what’s going on in your site’s server, opt for VPS or dedicated hosting instead.
WPMU DEV’s hosting gives you dedicated memory, CPU, and SSD storage that is independent of any other sites – including others you host with us!
Top tips:
- Choose a hosting provider that is renowned for having robust security in place.
- Don’t skimp out on the price – spending slightly more on good hosting is better than going cheap and getting hacked.
- Take advantage of features your host offers such as automatic backups, a WAF, or the ability to block suspicious IP addresses.
Secure Your Login Page
Rarely is a hacking attempt personal. You might only run a small website for a boating club in your local village, but that doesn’t mean it will be safe from hackers.
Malicious bots sniff around the internet looking for vulnerabilities in websites and don’t discriminate. If they find that there’s a route past your WordPress login page, they’ll be infecting your files before you can say ”malware!”.
There are a few steps you can take to ensure your login page is safe from these kinds of attacks.
Mask Your Login URL
The first is using a plugin such as Defender to hide your login URL.
This makes it substantially harder for bots to carry out brute force attacks – if they can’t find your login page, there’s nowhere for them to try and crack your password.
It’s super easy to activate within Defender. Just choose a new slug for your login URL.
You can also redirect people who try to access your old wp-admin link to a page of your choice.
Use a Password Manager
There are two main rules when it comes to passwords:
- Make sure your passwords are a good length and contain a variety of different characters.
- Don’t use the same password for more than one account.
Adhering to both of these rules can make it almost impossible to remember all of your passwords, which is why you might benefit from a password manager.
LastPass and 1Password are two of the best password managers on the market and will help you create and store complex passwords for all of your accounts.
All you will need to remember is a strong and secure master password – the rest will be taken care of for you.
Read full article here: https://premium.wpmudev.org/blog/checklist-for-securing-wordpress-site
Comments
Post a Comment