CyberSecurity Training
For Web Developers

7 security recommendations for keeping your WordPress site secure

27th November 2018

Plugins and Themes 

  1. Keep it updated

New vulnerabilities are found every day, and as soon as they come out your website is at risk. Good software developers will get straight on it and release updates to keep you secure. Don’t delay: update your site straight away. You need to log in to WordPress every day to check if any updates are available.

 

  2. Only download well-known and supported plugins and themes

The sheer number of themes and plugins available for WordPress is one of its most significant features, but it is also one of its greatest weaknesses. There are unfortunately a lot of bad programmers out there who don’t know how to program securely, and a lot of these themes and plugins can contain serious security vulnerabilities which will leave your website open to being hacked. You’re best only downloading themes and plugins from well-known developers that have lots of positive reviews and are supported and updated regularly.

  3. Disable and delete unrequired themes and plugins

Every plugin or theme you install opens another possible attack vector. If you don’t need it or use it, then get rid of it.

Logins 

  4. Change the login directory

We call this security through obscurity. Instead of logging in through the normal www.yoursite.com/wp-admin, you would use www.yoursite.com/my-secret-login-page. You can enable this by installing the WP Hide & Security Enhancer plugin at https://wordpress.org/plugins/wp-hide-security-enhancer/

 

  5. Limit login attempts

A method long used by hackers to attempt to gain access to a WordPress account is to try thousands of different passwords against a username quickly. One way to stop this happening is to install the WP Limit Login Attempts plugin ( https://wordpress.org/plugins/wp-limit-login-attempts/ ), which will only allow a certain number of login attempts; after these attempts it temporarily blocks the IP address from connecting to the website.
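To see which addresses such a limit would have blocked, the same rule can be replayed over a web server access log. This is an added example, not code from the plugin or from this post. The thresholds, the function name `find_lockouts` and the sample log lines are constructed assumptions, as is the premise that a failed login returns HTTP 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; tune them to match your limiter plugin's settings.
MAX_ATTEMPTS = 5
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(minutes=15)

# Combined log format. Assumption: a failed login re-renders the form (200),
# while a successful one redirects (302), so only 200s are counted.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /wp-login\.php[ ?][^"]*" (?P<status>\d{3}) ')

def find_lockouts(lines):
    """Return {ip: [(blocked_from, blocked_until), ...]}."""
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    blocked_until = {}
    lockouts = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ts < blocked_until.get(ip, ts):
            continue               # still blocked: a limiter rejects this one
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_ATTEMPTS:
            blocked_until[ip] = ts + LOCKOUT
            lockouts[ip].append((ts, ts + LOCKOUT))
            q.clear()
    return dict(lockouts)

# Constructed sample: six rapid failures from one address, normal use from another.
SAMPLE = [
    f'203.0.113.7 - - [27/Nov/2018:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3120'
    for s in range(0, 12, 2)
] + [
    '198.51.100.4 - - [27/Nov/2018:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120',
    '198.51.100.4 - - [27/Nov/2018:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.4 - - [27/Nov/2018:10:02:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, spans in find_lockouts(SAMPLE).items():
        for start, end in spans:
            print(f"{ip} blocked {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

An address that shows up here while no limiter is installed is one the plugin would have stopped after its fifth failure.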

  6. Enable 2-Factor Authentication

Two-factor authentication adds an extra layer of protection to your login. As well as your username and password, you will also have to provide a seven-digit security code which you get on your phone by using an application such as Google Authenticator. MiniOrange has a brilliant plugin for doing this, which can be found at https://wordpress.org/plugins/miniorange-2-factor-authentication/

Advanced Security 

  7. Get a Firewall

A Website Application Firewall (WAF) is a network application that sits between your website and the internet to keep it safe. It automatically detects when a hacker is trying to perform actions on your site that they shouldn’t be and automatically blocks them. The WAF stays up to date with the latest security vulnerabilities so you can stay one step ahead of the hackers. If you’re interested in these, we suggest checking out https://sucuri.net/website-firewall/
