WordPress is the single most popular and widely used CMS (Content Management System) that there is. As widely adopted as it is, it still has something of a bad reputation when it comes down to security. Nearly 20 million websites use WordPress and as this number increases, so do cyberattacks targeted at these sites.
Here we will highlight 5 of our top tips to help prevent your website falling victim to attack from hackers.
1 Keep your platform updated to mitigate WordPress security issues
WordPress is an open-source platform, which means that it can be modified at will by users. Many companies, for example, run their own modified versions of WordPress that best suit their needs. If you have such a copy, then it is important that it is kept upto date with the latest security patches and measures from the WordPress team themselves.
If you use the ‘official’ release of WordPress then the same applies. Minor updates are made automatically, and this includes security fixes and preventative measures, but larger updates need to be initiated automatically. The same is true of plugins. These need to be updated manually and should be done so as attackers often use outdated plugins as ‘a way in’.
80% of WordPress websites that have been successfully hacked were running outdated versions of either plugins or the platform itself. WordPress security is an ongoing issue.
2 Remove plugins that you do not use
Plugins allow for added functionality and customisation options. With literally thousands of plugins to choose from, it is pretty easy to build quite the collection. Sadly, plugins also act as a hacker magnet and this is especially true for unused plugins since they almost never get updated by the user.
98% of all security vulnerabilities in WordPress are plugin related. If that stat isn’t enough to make you delete, or at least update, the plugins that you don’t use then nothing is.
3 change the URL for your admin login
The default login URL for all new WordPress is “website.co.uk/wp-admin”. Nice and easy to remember, but it is also a flaw if you don’t change it. Afterall, we change default usernames and suggested passwords all the time so why not the login URL where we are able to?
Just remember, hackers know the default login URL too and from there it is a simple case of using what is known as a ‘brute force’ attack in order to render WordPress security powerless.
4 install and make use of a WordPress security plugin
Unused WordPress plugins are a security vulnerability, but we are certainly not saying that you should not have any at all. Used correctly, and kept updated, plugins are infinitely useful. This goes double for security plugins.
WordPress security plugins are able to block harmful traffic such as a DDOS attack, provide malware scanning and many other useful features that will help keep your website and data secure.
5 Make use of Cloudflare
Cloudflare is the single largest network currently operating on the web. The whole purpose of Cloudflare is to help member sites block bots, suspicious web crawlers, attackers and protect against DDOS attacks. The service sits between your website and the rest of the world and so helps prevent attackers and bad traffic from even reaching your website in the first place.
All of the above plus site speed increases… for free! There are paid plans too but the basic functionality is provided without cost.
Staying on top of WordPress security is important. Thankfully though, maintaining the security of your installation is not difficult. It is something that can be undertaken yourself but if you do need a hand, we are always available to help. Just let the team at Geeky Designs no.