WordPress Security 101
Following a great WordPress meetup last month, we’ve had a lot of questions on how to improve WordPress security and backup.
Firstly, we’re going to reveal something that you probably don’t want to hear: nothing is 100% hack-proof. But WordPress security is all about the basics, and a few simple steps will go a long way to safeguarding your website. Welcome to WordPress Security 101.
Pick a Secure Username and Password
Sounds obvious, right? Unfortunately, insecure passwords are by far the most common culprit in WordPress hacks. They leave you vulnerable to brute-force attacks, in which malicious scripts bombard your WordPress login in the hope of gaining entry.
Luckily, it’s an easy fix. Steer clear of obvious usernames like “admin”, and create passwords that are at least twelve characters long, with letters (both lower and upper case), numbers, and symbols. If you’re having trouble creating a strong password, go to http://strongpasswordgenerator.com/.
Use the 3-2-1 Backup Principle
It’s a good idea to back up your website so you can recover it in a worst-case scenario. We suggest you employ the 3-2-1 Backup Principle for your WordPress website. Keep three backups of data in a minimum of two places, with at least one being offsite. There are many ways to handle your backups: via your own web host, using a plugin (we recommend Duplicator or Updraft Plus), or by subscribing to a backup service (check out VaultPress).
Keep Your Own PC Safe
Make sure your computer is secure and malware-free to prevent any nasties from being transmitted to your site.
Final Note: “But What About Security Plugins?”
It’s tempting to combat a security threat by using one of the many “umbrella” security plugins. When configured correctly, these can do a fantastic job — but it’s very common that first-time WordPress users will simply install a plugin, flick a few switches randomly, and call the job “done”. Instead, we suggest that you take the time to understand the basics. WordPress Security 101 starts and ends with your website’s biggest security threat: YOU. Secure your username/password, get your backups sorted, and free your computer from nasties.
Ready for WordPress Security 102? Learn a few simple ways to harden your setup here.
Seems basic, but you’re so right. A bad password is the most common and stupid thing that catches most people at some time or another.
I think 102 is broken?
Hi Joss. Thanks for commenting. That was a scheduling issue; now it’s all fixed.