Keeping WordPress Safe

This article is about WordPress, specifically is WordPress safe?

Now I know what you’re thinking WordPress is awesome right? Who doesn’t love WordPress!

I know I do. I use it all the time in my day-to-day business activities and on 100’s of different websites we develop here at SkyPoint. Sure, I use BootStrap, React, Angular and other website structure software, but WordPress is by far my favorite for making websites that perform well and look great.

Most importantly, WordPress offers easy publishing for ideas that reduce the friction between creating new content and getting it online. This is why I have chosen it and used it for so many years since 2008 actually but this article is about how to keep WordPress safe.

Because it is an open-source platform consisting of a LAMP stack of software, mainly PHP and MySQL database, it can get hacked rather easily. WordPress is the biggest target for hackers on websites in the World. You should be well aware of this if you own a WordPress website.

So how do you keep your website that runs WordPress safe?

Here I have assembled some general ideas on what I do to keep my WordPress installations safe. First of all, make sure you update your PHP to the latest version, which is currently 7.2. Outdated PHP is a major security risk because they patch vulnerabilities in these new versions.

Once you update your PHP you will want to make sure that you update your themes and plugins as well. There is nothing worse than a WordPress installation that is behind several versions on updates and has tons of outdated plugins. It’s basically a walking landmine waiting to be hacked!

So once you’re up to date on all your software, we will want to focus on tightening down the hatches. I do this a couple of different ways, first of all, I like to obfuscate the login so it is not your standard wp-admin but rather something custom.

I use the plugin WPS Hide Login that has very easy functionality to change where the WordPress login screen is located. This way if a malicious crawler comes around and tries to crack my login screen they won’t be able to find it.

Next, I sometimes use security plugins on websites that are at high risk or have been hacked before. The plug-ins I like to use are:

Now I don’t always rely on these because they can slow down websites and sometimes they are the cause of reliability and access issues, so use these with caution. If you want to make sure that your website is 100% safe and can never be hacked in the first place, I recommend getting a firewall from Securi.

They also offer a Website Essentials product that is cheaper and allows clean-ups of hacked files. It’s not as pro-active as the firewall but is a lot cheaper. This is an absolute go to and a lifesaver if your website has been hacked.

I’ve used it on many many different sites and it has been very successful to clean up really bad infections and prevent them from reoccurring.

So how do we keep our WordPress safe?

By doing our due diligence and making sure that our website software is up-to-date, has the right security software in place, and that we might reach out to a third party like Securi to lock down our website permanently and also prevent any type of spam infection ever from being able to reach our precious site files in the first place.

What are you doing to keep your WordPress safe? Sound off in the comments below!

0 replies

Want to join the discussion?
Feel free to contribute!

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Written by: Jophiel Silvestrone

Jophiel Silvestrone has written 326 posts in the Tech Blog.

Jophiel grew up on a ranch in Paradise Valley, Montana near Chico Hot Springs. Working on the ranch instilled work ethic and self motivation. Filled with this drive, Jophiel started mowing the local school's yards twice a month throughout the summers, at the age of 12. He moved to Billings in 2004, where he has been deeply involved in the local business community ever since. A serial entrepreneur, Jophiel has ran multiple businesses in our local community. The first business, a janitorial and carpet cleaning company, founded in 2005, has employed over 50 locals. Moving on to the media industry, Jophiel and several partners founded Green Directory Montana in the spring of 2007. Green Directory's sustainability ranking software awarded points based on sustainable or "green" actions. These points counted towards a business's total "Green Score," which in turn ranked them against other businesses in their category and throughout the entire site. It also featured a limited edition print version distributed annually. A business acquisition allowed Jophiel to focus on new projects, and a few close business colleagues and Jophiel started Rocky Mountain Mr. & Ms. Magazine, a lifestyle publication for men and women in the Magic City. After a year and a half at the helm of RM3 Magazine, the business was purchased. He now runs a web development company SkyPoint Studios and fathers his son Jaoquin, who plays football, basketball, soccer, and is learning snowboarding from his dad. Recently, has expanded to locations in Havasu, Arizona & Vegas. SkyPoint Studios is a market leader in both Billings & Havasu and Jophiel is working on building that same level of market dominance in Vegas. Specialties: Extensive experience in online and offline business. Especially savvy at WordPress, and operate several sites, one example is the blog: skypointwebdesignbillingsmontana.com/tech-blog. Check out skypointwebdesignbillingsmontana.com for the latest projects from SkyPoint Studios.