New vulnerabilities are found every day, and as soon as they come out your website is at risk. Good software developers will get straight on it and release updates to keep you secure. Don’t delay: update your site straight away. You need to log in to WordPress every day to check if any updates are available.
The sheer number of themes and plugins available for WordPress is one of its most significant features but also one of its greatest weaknesses. Unfortunately, there are a lot of bad programmers out there who don’t know how to program securely, and a lot of these themes and plugins can contain serious security vulnerabilities which will leave your website open to being hacked. You’re best off only downloading themes and plugins from well-known developers that have lots of positive reviews and are supported and updated regularly.
Every plugin or theme you install opens another possible attack vector. If you don’t need it or use it, then get rid of it.
Moving your login page to a non-standard address is what we call security through obscurity. Instead of logging in through the normal www.yoursite.com/wp-admin you would use www.yoursite.com/my-secret-login-page. You can enable this by installing the WP Hide & Security Enhancer plugin at https://wordpress.org/plugins/wp-hide-security-enhancer/
A method long used by hackers to attempt to gain access to a WordPress account is to try thousands of different passwords against a username quickly. One way to stop this happening is to install the WP Limit Login Attempts plugin (https://wordpress.org/plugins/wp-limit-login-attempts/), which will only allow a certain number of login attempts; after these attempts it temporarily blocks the IP address from connecting to the website.
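To see the effect of such a limit on your own traffic, the following added example (not the plugin's code, and not from the original article) replays web server access-log lines through a simple attempt limiter and reports which IP addresses would have been temporarily blocked. The thresholds, the function names and the sample log lines are assumptions made for illustration, and the log is assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 3                 # assumed threshold, not the plugin's default
WINDOW = timedelta(minutes=5)    # assumed window for counting failures
LOCKOUT = timedelta(minutes=15)  # assumed length of the temporary block
# Combined log format: IP, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse(line):
    """Return (ip, time) for a failed wp-login.php POST, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    # Assumption: a failed login redisplays the form (200); success redirects (302).
    if method != "POST" or not path.startswith("/wp-login.php") or status != "200":
        return None
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def replay(lines):
    """Replay log lines through the limiter; return (ip, blocked_at, until) tuples."""
    failures = defaultdict(deque)  # ip -> times of recent failed logins
    blocked_until, lockouts = {}, []
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ip, when = hit
        if blocked_until.get(ip, when) > when:
            continue               # still locked out: attempt would be refused
        recent = failures[ip]
        recent.append(when)
        while when - recent[0] > WINDOW:
            recent.popleft()       # forget failures older than the window
        if len(recent) >= MAX_ATTEMPTS:
            blocked_until[ip] = when + LOCKOUT
            lockouts.append((ip, when, blocked_until[ip]))
            recent.clear()
    return lockouts

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
FMT = '{} - - [10/Mar/2024:10:00:{:02d} +0000] "{} /wp-login.php HTTP/1.1" {} 4521'
SAMPLE = [FMT.format(*row) for row in [
    ("203.0.113.7", 1, "POST", 200), ("203.0.113.7", 2, "POST", 200),
    ("198.51.100.4", 3, "POST", 302), ("203.0.113.7", 4, "POST", 200),
    ("203.0.113.7", 5, "POST", 200), ("198.51.100.4", 6, "GET", 200)]]
```

Calling `replay(SAMPLE)` returns a single lockout for 203.0.113.7, triggered by its third failed POST; the successful login and the plain page view from 198.51.100.4 are not counted.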
Two-factor authentication adds an extra layer of protection to your login. As well as your username and password, you will also have to provide a seven-digit security code, which you get on your phone by using an application such as Google Authenticator. MiniOrange has a brilliant plugin for doing this, which can be found at https://wordpress.org/plugins/miniorange-2-factor-authentication/
A Website Application Firewall (WAF) is a network application that sits between your website and the internet to keep it safe. It automatically detects when a hacker is trying to perform actions on your site that they shouldn’t be and automatically blocks them. The WAF stays up to date with the latest security vulnerabilities so you can stay one step ahead of the hackers. If you’re interested in these, we suggest checking out https://sucuri.net/website-firewall/