How to Secure WordPress

February 23, 2014

What does it take to make a good, secure WordPress site? Do I have to take a course or read a library worth of books? The fact is that reading this article will give you the base of knowledge you need to start your new site, so check out the advice below.

You have to stay on top of updates. Many plugins, and WordPress itself are updated regularly because of weaknesses or loopholes which have been discovered. You must patch this code as soon as the updates become available.

You shouldn’t pick a username such as “admin”. Using a username like admin or administrator ups your chances of being hacked. Then, your entire site is at risk. Go through your users page, and erase any such usernames. Pick a different username.

Use a security plugin. Keeping your blog secure is important, and there are plenty of plugins out there that promise to do just that. Try a plugin you feel you can trust. WordFence is a good choice. It offers a firewall, does virus scans, blocks any malicious networks, and is free.

Only install the plugins that you really need. When you have many plugins, you have to keep up with installing updates for them. Old plugins can be a security risk. Sometimes an update can conflict with another plugin and cause problems. The more plugins you use, the higher the risk of some plugins not working well together.

You need to make sure that your WordPress blog has some security installed. There are times when your blog may be vulnerable due to technical issues.

Your first line of defense should be to install a backup plugin such as Backup WordPress. This plugin can be configured to make backup copies of your database on a schedule and even to email them to you as attachments, if the compressed backup is small enough. It can do the same for your entire installation including your files, but unless you have a very small site, this will be stored on your server and you will have to download it manually.

If you aren’t using themes or plugins then you should remove them for security purposes. Even though your currently installed plugins are probably safe, there’s no reason to keep any items you no longer use. If this happens, you would be vulnerable to code injections, and this could ruin your website.

Keep Track of Plugins

Use a security plugin. Keeping your blog secure is important, and there are plenty of plugins out there that promise to do just that. Try a plugin you feel you can trust. WordFence is a good choice. It offers a firewall, does virus scans, blocks any malicious networks, and is free.

A WordPress website of any sort can run slowly depending on the server environment and even the time of day. The best way to speed things up, apart from deleting unused plugins and optimizing the size of your images, is to add a caching plugin. Basically, a caching plugin requests a page and then saves the rendered plain HTML code as a static HTML file, in a folder in the web site root folder. Every time that page is requested, its the plain HTML cached copy which is served, saving server overhead and many calls on your MySQL database. It’s more complicated than this simple explanation implies, of course, but that can all be left to the plugin to look after. The best cache plugin, and the simplest for a beginner to install is called Quick Cache and you can download it from http://wordpress.org/plugins/quick-cache/ .

Buy Premium WordPress Themes with Built-in Functionality

Probably the easiest way to cut down on the number of plugins that you need – and so make your web site run faster – and also improve security is to buy a premium theme with the required functions included in the theme already. The premium WordPress themes from ThemesBro (Us!) do just that in a number of areas. Our themes have custom post types to make it easy to create properly formatted pages for Testimonials, Meet the Team, Video Galleries, Price Lists and Timetables. Our themes have custom widgets complete with their own icon sets, for promotion boxes, sidebar and footer text boxes and some have Google map functionality built in.

A few more suggestions – or warnings

Furthermore, we are both flexible and responsive – in both senses – all our themes are responsive, and we are a responsive team. If there is a theme or a function in a theme that you need to meet the needs of one of your clients, then get in touch with us here and tell us what you need. If we think that there is any commercial value in the suggestion, we’ll get in touch with you and produce the finished item for you.

Evaluate plugins carefully before you install it in your WordPress account. Plugin creation is not regulated, and anyone in the world with the right skill can create a plugin and make it available to the public. To make sure that the source is reliable, read the reviews and pay special attention to the negative comments, better still only use plugins which you have downloaded from WordPress.org or a major, well-known developer.

Only install the plugins that you really need. When you have many plugins, you have to keep up with installing updates for them. Old plugins can be a security risk. Sometimes an update can conflict with another plugin and cause problems. The more plugins you use, the higher the risk of some plugins not working well together.

If you have any plugins which have been de-activated, you should delete them entirely. This means checking for any leftover files and deleting those too. Although you may think there is no harm in a de-activated plugin, even then it could present an opportunity to ‘get in through the back door’. Likewise, any plugins which are active but unused, should be deleted. You might even see your site’s performance taking a turn for the better, and nowadays, Google checks the page load time – the faster the better. In a round about way, tightening up on security could well see your SERPs position improve!

If you want to spice up your comment section, consider plugins which allow you or your readers to customize their posts. For example, Gravatar allows them to choose their own avatar to appear next to their posts, meaning that their content can easily be picked out across all WordPress sites.

Now that you have this great advice in mind, your next step is to put it to use. Install WordPress and start to play with all of its features. Once you feel comfortable, publish your site and enjoy your new internet presence! Continue to read articles like this so you can stay on top of new advances.

Copyright © 2017 ThemesBro. All rights reserved.