
What everyone needs to know about WordPress security

April 25, 2014

WordPress out of the box is a basic web platform. It's the additional design and functionality you can add that makes WordPress so incredible. The same principle applies to security. The standard WP installation is vulnerable, and it's because people don't know this that you get problems.

WordPress is secure, but you have to make it secure. Because it's the most popular web platform, it's also the most popular target for hackers. In April and September last year there were massive botnet attacks on WordPress sites, with reports that over 100,000 websites had been taken down. The news even made it onto the BBC website.


The reason it's so easy for people to take down thousands of WordPress sites is the default admin user account. Attackers attempt to log in with the user name admin and then try a series of possible passwords until they gain entry. Changing this should be the first thing you do when you install WordPress.
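The password guessing described above leaves a recognisable trail in the web server's access log. The following is an added example, not part of the original post: it assumes a combined-format Apache/nginx log and relies on WordPress answering a rejected login POST with status 200 (the form is shown again) and an accepted one with a 302 redirect. The function name, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def flag_login_guessing(lines, threshold=5):
    """Return {ip: {"failed": n, "succeeded": m}} for every source IP with at
    least `threshold` rejected POSTs to wp-login.php (hypothetical helper)."""
    stats = defaultdict(lambda: {"failed": 0, "succeeded": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or a GET that only displays the form
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        if m["status"] == "200":    # form shown again: login rejected
            stats[m["ip"]]["failed"] += 1
        elif m["status"] == "302":  # redirect away from the form: login accepted
            stats[m["ip"]]["succeeded"] += 1
    return {ip: dict(c) for ip, c in stats.items() if c["failed"] >= threshold}

# Constructed sample log: documentation-range IPs, made-up timestamps.
_FMT = '%s - - [10/Mar/2014:16:%02d:00 +0000] "%s /wp-login.php HTTP/1.1" %d 3512 "-" "-"'
SAMPLE_LOG = (
    [_FMT % ("203.0.113.7", i, "POST", 200) for i in range(6)]   # six rejected guesses
    + [_FMT % ("203.0.113.7", 6, "POST", 302)]                   # then one accepted
    + [_FMT % ("198.51.100.20", 7, "GET", 200),                  # owner opens the form
       _FMT % ("198.51.100.20", 8, "POST", 200),                 # one typo
       _FMT % ("198.51.100.20", 9, "POST", 302),                 # normal login
       "garbage line that does not parse"]
)

if __name__ == "__main__":
    for ip, c in flag_login_guessing(SAMPLE_LOG).items():
        note = " (a guess was accepted: reset passwords)" if c["succeeded"] else ""
        print("%s failed=%d succeeded=%d%s" % (ip, c["failed"], c["succeeded"], note))
```

A flagged address with a non-zero `succeeded` count is the case to act on first, since it suggests one of the guesses worked.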

But what if your website does get hacked and looks like this?

[Screenshot of a hacked website]

If you’ve got a good webhost (as everyone should!) then you simply phone them up or send a message and ask them to restore your website from their backup. It should take no longer than 30 mins to get your website up and running again.

A good hosting provider will do this for free and do it straight away, which will save the time and hassle of sorting it out. It shouldn't be expensive either; I pay £15 a year for my fast and secure hosting. GoDaddy once tried to charge me £120 to restore a client's website; the guy on the phone said “to do a backup I’ll have to get the tapes out.” Another host took over a month (and countless emails) to get a client's WordPress site running again.

How to secure WordPress in 7 easy steps

1. Make sure your host takes security seriously and will restore your website immediately and for free. You should always inquire before buying.

2. Log in to WordPress, create a new User account, log out, then log back in and delete the Admin account.

3. Install and configure one of these plugins: BulletProof Security (downloaded 1,084,322 times), Wordfence (downloaded 1,466,948 times) or iThemes Security (downloaded 1,848,962 times).

4. Regularly update your version of WordPress

5. Just in case! Add a backup plugin like BackWPup which you can schedule to run weekly, monthly or daily to Dropbox, email and more.

6. Use a free Content Delivery Network like Incapsula, which will help to protect your website and improve its performance.

7. Still worried? Then install the plugin Botnet Attack Blocker.

Summary

Every website owner needs to take security seriously, regardless of the platform. Going through steps 1 to 5 to secure WordPress takes ten minutes. If you have a good host who can restore your website and you take regular backups, then you only have to be concerned with the fact that your website could go down for 30 minutes.

Simon runs WordPress and SEO workshops and can be found at socreativedigital.com

 

