This article is about WordPress, specifically is WordPress safe?
Now I know what you’re thinking WordPress is awesome right? Who doesn’t love WordPress!
I know I do. I use it all the time in my day-to-day business activities and on 100’s of different websites we develop here at SkyPoint. Sure, I use BootStrap, React, Angular and other website structure software, but WordPress is by far my favorite for making websites that perform well and look great.
Most importantly, WordPress offers easy publishing for ideas that reduce the friction between creating new content and getting it online. This is why I have chosen it and used it for so many years since 2008 actually but this article is about how to keep WordPress safe.
Because it is an open-source platform consisting of a LAMP stack of software, mainly PHP and MySQL database, it can get hacked rather easily. WordPress is the biggest target for hackers on websites in the World. You should be well aware of this if you own a WordPress website.
So how do you keep your website that runs WordPress safe?
Here I have assembled some general ideas on what I do to keep my WordPress installations safe. First of all, make sure you update your PHP to the latest version, which is currently 7.2. Outdated PHP is a major security risk because they patch vulnerabilities in these new versions.
Once you update your PHP you will want to make sure that you update your themes and plugins as well. There is nothing worse than a WordPress installation that is behind several versions on updates and has tons of outdated plugins. It’s basically a walking landmine waiting to be hacked!
So once you’re up to date on all your software, we will want to focus on tightening down the hatches. I do this a couple of different ways, first of all, I like to obfuscate the login so it is not your standard wp-admin but rather something custom.
I use the plugin WPS Hide Login that has very easy functionality to change where the WordPress login screen is located. This way if a malicious crawler comes around and tries to crack my login screen they won’t be able to find it.
Next, I sometimes use security plugins on websites that are at high risk or have been hacked before. The plug-ins I like to use are:
- WordFence Security
- WP Cerber Security, Antispam & Malware Scan
- Sucuri Security – Auditing, Malware Scanner and Hardening
- Limit Login Attempts Reloaded
- BulletProof Security
- All In One WP Security
Now I don’t always rely on these because they can slow down websites and sometimes they are the cause of reliability and access issues, so use these with caution. If you want to make sure that your website is 100% safe and can never be hacked in the first place, I recommend getting a firewall from Securi.
They also offer a Website Essentials product that is cheaper and allows clean-ups of hacked files. It’s not as pro-active as the firewall but is a lot cheaper. This is an absolute go to and a lifesaver if your website has been hacked.
I’ve used it on many many different sites and it has been very successful to clean up really bad infections and prevent them from reoccurring.
So how do we keep our WordPress safe?
By doing our due diligence and making sure that our website software is up-to-date, has the right security software in place, and that we might reach out to a third party like Securi to lock down our website permanently and also prevent any type of spam infection ever from being able to reach our precious site files in the first place.
What are you doing to keep your WordPress safe? Sound off in the comments below!