When it comes to WordPress security, there is a lot you can do to lock down your site and keep attackers and known vulnerabilities from affecting your eCommerce site or blog. According to Internet Live Stats, over 100,000 websites are hacked every day. 😮 That’s why it’s worth taking the time to work through the recommendations below on how to harden your WordPress security.
We will make sure to keep this post up to date with relevant information as things change with the WordPress platform and new vulnerabilities emerge.
Secure WordPress Hosting
When it comes to WordPress security, there is much more than just locking down your site, although we’ll give you the best recommendations on how to do that below. There is also web server-level security for which your WordPress host is responsible. We take security very seriously here at Kinsta and handle a lot of these issues for our clients.
It’s very important that you choose a host you can trust with your business. If you are hosting WordPress on your own VPS instead, you need the technical knowledge to handle that server-level security yourself.
Use Latest PHP Version
PHP is the backbone of your WordPress site, so running a current version on your server is very important. Each PHP release branch is actively supported for two years after its release, during which bugs and security issues are fixed on a regular basis, followed by a period in which only security fixes are issued. As of right now, anyone still running PHP 7.1 or below no longer has security support and is exposed to unpatched security vulnerabilities.
It can take businesses and developers time to test and ensure compatibility with their code, but there is no excuse for running a version without security support. Not to mention the large performance penalty of running older versions.
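To make this check repeatable across servers, here is a small shell script, added here as an example (it is not part of the original post), that compares the PHP branch a host runs against a minimum supported branch. The `7.2` cut-off is an assumed value for illustration; take the current one from php.net’s supported-versions page.

```sh
#!/bin/sh
# Added example (not from the original post): report whether the PHP branch a
# host runs is still inside its security-support window. MIN_SUPPORTED is an
# assumption for illustration; set it to the oldest branch that php.net still
# lists as receiving security fixes.
MIN_SUPPORTED="7.2"

# php_major_minor VERSION -> prints the "X.Y" branch of a full version string,
# e.g. "7.4.3" -> "7.4" or "8.1.2-1ubuntu2" -> "8.1" (distro suffix stripped).
php_major_minor() {
    printf '%s\n' "$1" | sed -e 's/-.*$//' | cut -d. -f1,2
}

# php_is_supported VERSION [MIN] -> exit 0 if VERSION's branch is >= MIN
# (default MIN_SUPPORTED), exit 1 otherwise. sort -V compares each numeric
# component, so a hypothetical "7.10" correctly sorts after "7.9".
php_is_supported() {
    branch=$(php_major_minor "$1")
    min=${2:-$MIN_SUPPORTED}
    lowest=$(printf '%s\n%s\n' "$branch" "$min" | sort -V | head -n 1)
    [ "$lowest" = "$min" ]
}

# Usage: inspect the PHP binary on this host, if one is on the PATH. On a web
# server check the CLI and the FPM/mod_php binaries separately; they can differ.
if command -v php >/dev/null 2>&1; then
    ver=$(php -r 'echo PHP_VERSION;')
    if php_is_supported "$ver"; then
        echo "PHP $ver: within security support (>= $MIN_SUPPORTED)"
    else
        echo "PHP $ver: no longer receives security fixes, upgrade" >&2
    fi
fi
```

Run it from cron or a config-management check so an expiring branch is flagged before it becomes a problem, and remember that the version `php -r` reports on the command line is not always the one the web server loads.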
Use Clever Usernames and Passwords
Surprisingly, one of the simplest ways to harden your WordPress security is to use hard-to-guess usernames and strong, unique passwords. Sounds pretty easy, right? Well, check out SplashData’s 2019 annual list of the most popular passwords exposed in breaches throughout the year (sorted in order of popularity).
That is right! The most popular password is “123456”, followed by an astonishing “password”.
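As an added example (not from the original post), the shell script below does what a sensible password policy boils down to in practice: reject anything short or on a breached-password list, and generate long random passwords instead. The denylist is a short constructed sample of the kind of entries such lists contain; the `wp user update` command in the comment is WP-CLI’s real command, while the `admin` login it names is an assumption.

```sh
#!/bin/sh
# Added example (not from the original post): enforce the two things that
# matter most for WordPress passwords, length and absence from breached-password
# lists, and generate strong replacements. DENYLIST_FILE holds a short
# constructed sample; in production feed it a full list, one password per line.
DENYLIST_FILE=${DENYLIST_FILE:-$(mktemp)}
cat > "$DENYLIST_FILE" <<'EOF'
123456
123456789
qwerty
password
1234567
12345678
12345
iloveyou
111111
123123
correcthorsebatterystaple
EOF
MIN_LENGTH=12

# password_is_weak PASSWORD -> exit 0 (weak) if it is shorter than MIN_LENGTH
# or appears on the denylist (whole line, case-insensitive), exit 1 otherwise.
# Length alone is not enough: "correcthorsebatterystaple" is long but famous
# enough to sit on cracking wordlists, so the list check is applied as well.
password_is_weak() {
    pw=$1
    if [ "${#pw}" -lt "$MIN_LENGTH" ]; then
        return 0
    fi
    lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    grep -qixF -- "$lower" "$DENYLIST_FILE"
}

# generate_password [LENGTH] -> prints LENGTH (default 24) characters drawn
# from the kernel CSPRNG, restricted to letters, digits and a few symbols so
# the result pastes cleanly into the WordPress login form.
generate_password() {
    len=${1:-24}
    LC_ALL=C tr -dc 'A-Za-z0-9!@#%^&*_+=-' < /dev/urandom | head -c "$len"
    echo
}

# Usage: check a candidate, then set a fresh one with WP-CLI (the "admin"
# login is an assumption; a real site should not have a user by that name).
if password_is_weak "password"; then
    echo 'rejected: "password" is too short and on the denylist'
fi
new_pw=$(generate_password 24)
echo "generated: $new_pw"
#   wp user update admin --user_pass="$new_pw"
```

Pair this with a username that is not the default: `wp user list --role=administrator` shows whether an account called `admin` still exists on the site.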
Use the Latest Version of WordPress, Plugins, and Themes
Another very important way to harden your WordPress security is to always keep it up to date. This includes WordPress core, plugins, and themes (both those from the WordPress repository and premium ones). These are updated for a reason, and the updates often include security fixes as well as bug fixes. We recommend reading our in-depth guide on how WordPress automatic updates work.
Unfortunately, millions of businesses are running outdated versions of WordPress core and plugins and still believe they are on the right path. The reasons they cite for not updating include “the site will break”, “core modifications will be lost”, “plugin X won’t work”, or “we just don’t need the new functionality”.
How to Update WordPress Plugins
Updating your WordPress plugins is a very similar process to updating WordPress core. Click into “Updates” in your WordPress dashboard, select the plugins you want to update, and click on “Update Plugins.”
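If you manage more than one site, this is worth scripting rather than clicking through the dashboard. The shell example below is added here (it is not from the original post) and works on the CSV that WP-CLI’s `wp plugin list` emits; `SAMPLE_CSV` is a constructed stand-in for that output, with plugin slugs and versions chosen for illustration. It also lists inactive plugins, which the dashboard procedure above does not surface.

```sh
#!/bin/sh
# Added example (not from the original post): find plugins that have a pending
# update, or that are installed but inactive, from WP-CLI's plugin list so the
# check can run from cron instead of by hand. SAMPLE_CSV is constructed to look
# like `wp plugin list --fields=name,status,update,version --format=csv`.
SAMPLE_CSV='name,status,update,version
akismet,active,available,4.1.3
hello,inactive,none,1.7.2
woocommerce,active,available,3.8.1
wordpress-seo,active,none,12.8'

# plugins_where COLUMN VALUE < CSV -> prints the name of every plugin whose
# COLUMN equals VALUE. The header row is used to locate columns, so the field
# order does not matter. Plugin slugs never contain commas, so a plain comma
# split is safe for these fields.
plugins_where() {
    awk -F, -v want_col="$1" -v want="$2" '
        NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
        $(col[want_col]) == want { print $(col["name"]) }
    '
}

# Demo on the constructed data. On a real site run, as the site user from the
# WordPress root:
#   wp plugin list --fields=name,status,update,version --format=csv \
#       | plugins_where update available | xargs -r wp plugin update
# Inactive plugins still sit in wp-content/plugins where their files can be
# requested directly; delete unused ones (wp plugin delete <slug>) instead of
# leaving them installed.
echo "Plugins with an update available:"
printf '%s\n' "$SAMPLE_CSV" | plugins_where update available
echo "Inactive plugins (delete these):"
printf '%s\n' "$SAMPLE_CSV" | plugins_where status inactive
```

Test the updates on a staging copy first; the script tells you what is outdated, it does not tell you whether the new version is compatible with your theme.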
Use WordPress Security Plugins
And of course, WordPress security plugins deserve a mention. There are a lot of great developers and companies out there providing solutions that help protect your WordPress site. Here are a couple of them.
Here are some typical features and uses of the plugins above:
- Generate and force strong passwords when creating user profiles
- Force passwords to expire and be reset on a regular basis
- User action logging
- Easy updates of WordPress security keys
- Malware Scanning
- Two-factor authentication
- WordPress security firewalls
- IP whitelisting
- IP blacklisting
- File changelogs
- Monitor DNS changes
- Block malicious networks
- View WHOIS information on visitors
A very important feature that many security plugins include is a checksum utility: it compares the files in your install against known-good hashes (for WordPress core, the hashes WordPress.org publishes for each release) and reports files that have been modified or added, which is how injected backdoors are usually found.
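To show what a checksum utility actually does, here is an added example in shell (not from the original post, and not any plugin’s code): it records a SHA-256 manifest of a WordPress install and later reports files that were modified, removed or added. The directory and manifest paths are assumptions. For core files alone, WP-CLI’s `wp core verify-checksums` does the same comparison against the hashes WordPress.org publishes; the script below also covers themes, plugins and uploads, which those published hashes do not.

```sh
#!/bin/sh
# Added example (not from the original post): a minimal checksum utility of the
# kind security plugins bundle. It records a SHA-256 hash of every file under a
# WordPress install and later reports files that were modified, removed or
# added, which is how injected backdoors usually show up. Directory and
# manifest paths are assumptions.

# integrity_baseline DIR MANIFEST -> write "sha256  ./relative/path" for every
# regular file under DIR into MANIFEST. Take it right after a clean install or
# update, and keep it somewhere the web server cannot write to.
integrity_baseline() {
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2) > "$2"
}

# integrity_check DIR MANIFEST -> exit 0 when DIR still matches MANIFEST.
# Otherwise print each modified or missing file and each file that is not in
# the manifest at all, and exit 1.
integrity_check() {
    dir=$1; manifest=$2; rc=0
    # Modified or deleted files: sha256sum -c prints "<path>: FAILED ..." for
    # each mismatch and exits non-zero; --quiet hides the "OK" lines.
    (cd "$dir" && sha256sum --quiet -c "$manifest" 2>/dev/null) || rc=1
    # Added files: a dropped web shell is not in the manifest, so sha256sum -c
    # never looks at it. Compare the manifest's path list with what is on disk.
    expected=$(mktemp); actual=$(mktemp)
    cut -c67- "$manifest" | LC_ALL=C sort > "$expected"   # 64 hex chars + 2 spaces
    (cd "$dir" && find . -type f) | LC_ALL=C sort > "$actual"
    added=$(LC_ALL=C comm -13 "$expected" "$actual")
    rm -f "$expected" "$actual"
    if [ -n "$added" ]; then
        printf '%s\n' "$added" | sed 's/$/: NOT IN MANIFEST/'
        rc=1
    fi
    return "$rc"
}

# integrity_demo -> run both steps on a constructed directory that stands in
# for the WordPress root, tamper with it, and show what the check reports.
integrity_demo() {
    site=$(mktemp -d); manifest=$(mktemp)
    mkdir -p "$site/wp-includes"
    printf '<?php // original\n' > "$site/index.php"
    printf '<?php // original\n' > "$site/wp-includes/functions.php"
    integrity_baseline "$site" "$manifest"
    # Simulate an intrusion: append to a core file and drop a new file.
    printf '// tampered\n' >> "$site/index.php"
    printf '// dropped\n' > "$site/wp-includes/.cache.php"
    if integrity_check "$site" "$manifest"; then
        echo "no changes detected"
    else
        echo "changes detected, review the files listed above"
    fi
    rm -rf "$site" "$manifest"
}

# Usage: integrity.sh baseline /var/www/html /root/wp.sha256 after an update,
# then integrity.sh check /var/www/html /root/wp.sha256 from cron. With no
# arguments the demo runs.
case "${1:-demo}" in
    baseline) integrity_baseline "$2" "$3" ;;
    check)    integrity_check "$2" "$3" ;;
    *)        integrity_demo ;;
esac
```

Re-take the baseline after every legitimate update, otherwise the check drowns real findings in expected changes, and exclude volatile paths such as `wp-content/cache` if a caching plugin writes there.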