In part 1 of this series on securing your WordPress website, we covered why it’s important to secure WordPress. We also reviewed two basic security concepts so you have some foundational knowledge to take the next steps with confidence.
In this post, let’s get to some actionable steps to start securing your WordPress site!
Set Up a Backup Solution
Setting up a backup solution is the most important thing you can do for the safety and security of your WordPress website. Some security experts say that it’s not a matter of IF but WHEN you’re hacked. With backups of your website, you can recover from even the most damaging of hacker attacks.
Most web hosting providers have ways to perform and download full backups of your WordPress website. There are also many free and paid WordPress backup plugins like UpdraftPlus and BackupBuddy. Third-party backup services like CodeGuard are easy to set up and will do daily automated backups of your site.
Whichever backup option you choose, make sure you can schedule automatic backups. You want to capture recent backups without even having to think about it. Store the backups off-site, meaning away from your WordPress server and hosting provider. Your Google Drive or Dropbox might be a good option.
Run Antivirus on Your Computer
How is keeping your personal computer free of malware, viruses, and spyware important for your WordPress security? One reason is that some malware programs install keyloggers which capture your keystrokes. A keylogger will capture your WordPress username and password and once the bad guys have that, they could log in as you and take over your website.
Other things you should do:
- Update and patch your operating system and applications often
- Avoid risky and untrusted websites like gambling, pornography, and pirating sites
- Use a VPN when accessing unsecured public Wi-Fi hotspots, like at a hotel or coffee shop
Only Use Secure Connections to Your WordPress Website
Speaking of unsecured public Wi-Fi hotspots, it’s important to use only secure connections to your WordPress website. Any information sent to the internet over a non-secure connection travels in cleartext. This means anyone who can observe the network traffic, such as another user on the same public Wi-Fi, can read what you send, much like a postcard compared to a letter in an envelope.
To establish a secure https:// connection to your WordPress website, you’ll need to install an SSL/TLS certificate on your server. Your hosting provider should be able to help you with that (or contact us here at Miss Tweak It). These days, SSL/TLS certificates are cheap and even free through organizations like Let’s Encrypt.
Always Use Strong Passwords
Over the last few years, there have been many password breaches. Once the stolen passwords were revealed, noticeable password-usage patterns appeared.
Turns out that many people end up using the same simple passwords that are easy to guess. Passwords like 123456, qwerty, and monkey should never be used. As a rule, never use a plain dictionary word for a password and never use names or keyboard patterns. It’s also not effective to replace letters with symbols, for example, ‘a’ with ‘@’, ‘i’ with ‘!’ or ‘e’ with ‘3’ like in p@ssword or monk3y.
What still works is a complex, long, unique password. Use these tips:
- Make it at least 12 characters long (the longer the better)
- Use a random combination of uppercase and lowercase letters
- Mix in some numbers and symbols
Examples of a complex, 12-character unique password would be e]z!VChKx”7B or jX5K;?m#PP#v. But don’t use these; they’re only examples!
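The password rules above as a small Python script, added here as an example and not part of the original post. It flags passwords that are too short, lack a character class, or match a common password once the symbol swaps named above are undone, and it generates a random password that passes every check. The function names, the 16-character default, and the short COMMON list are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample list; a real check would use a much larger breached-password list.
COMMON = {"123456", "qwerty", "monkey", "password"}
# Substitutions the article names as ineffective: '@' for 'a', '!' for 'i', '3' for 'e'.
UNLEET = str.maketrans({"@": "a", "!": "i", "3": "e"})
SYMBOLS = "!#$%&()*+-./:;<=>?@[]^_{}~"


def weaknesses(password):
    """Return a list of reasons the password fails the article's rules."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    lowered = password.lower()
    # Compare both the raw and the "un-swapped" form against the common list.
    if {lowered, lowered.translate(UNLEET)} & COMMON:
        problems.append("common password, even after undoing symbol swaps")
    checks = {
        "no uppercase letter": any(c.isupper() for c in password),
        "no lowercase letter": any(c.islower() for c in password),
        "no number": any(c.isdigit() for c in password),
        "no symbol": any(not c.isalnum() for c in password),
    }
    problems += [msg for msg, ok in checks.items() if not ok]
    return problems


def generate_password(length=16):
    """Draw characters from the OS random source until every rule passes."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("monkey", "p@ssword", "monk3y"):
        print(sample, "->", weaknesses(sample))
    print("generated:", generate_password())
```

A password manager's built-in generator does the same job and also stores the result, which makes a unique password per site practical.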
In the upcoming part 3, we’ll continue with more easy but powerful WordPress security tips. And if any of this sounds too complicated, we understand! As a business owner, you sometimes don’t have the time or interest to do the IT and security tasks that you should. Miss Tweak It has over 30 years of combined experience in the IT field. We specialize in Web Design, Project Management, and Digital Marketing. Contact us today and we’ll handle your WordPress security for you.