- Keep It Current
One of the biggest security vulnerabilities in WordPress is old software. WordPress is updated fairly often, and whenever there's a new security issue an update is rolled out immediately. But that doesn't do you any good if you're not keeping your installation up to date. You also need to keep your themes and plugins up to date, since they can have security issues as well. The easiest thing you can do to keep your site secure is to install a security plugin. Sometimes people put off updates for fear of breaking their site, but you'd rather break your site with an update than risk a break-in. Also, just because a plugin is deactivated doesn't mean it's not a threat. You need to delete the plugin entirely.
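One way to check both points above (pending updates and deactivated plugins still on disk) is to audit the plugin list that WP-CLI prints. This is an added example, not part of the original article; it assumes WP-CLI is installed for live use, and the function name `audit_plugins` and the sample plugin names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag plugins that are outdated or installed but inactive.
# Reads CSV on stdin in the column order name,status,update,version, as from:
#   wp plugin list --fields=name,status,update,version --format=csv
# Exit status: 0 = nothing to do, 1 = at least one finding.

audit_plugins() {
  awk -F, '
    NR == 1 { next }                      # skip the CSV header row
    $3 == "available" {                   # an update is waiting
      printf "UPDATE  %s (installed %s)\n", $1, $4
      bad = 1
    }
    $2 == "inactive" {                    # deactivated, but code is still on disk
      printf "DELETE  %s (inactive, still installed)\n", $1
      bad = 1
    }
    END { exit bad + 0 }
  '
}

# Constructed sample input (not taken from a real site).
SAMPLE_CSV='name,status,update,version
example-seo,active,none,3.2.1
example-forms,active,available,2.1.0
example-gallery,inactive,none,1.7.2
example-slider,inactive,available,0.9'

# Demo on the sample; on a real server, run from the WordPress root:
#   wp plugin list --fields=name,status,update,version --format=csv | audit_plugins
printf '%s\n' "$SAMPLE_CSV" | audit_plugins || echo "Action needed: see findings above."
```

Run from cron, the non-zero exit status can trigger an e-mail or alert when a plugin falls behind or a deactivated one is left installed.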
- Use security plugins
Here are a handful of popular options:
http://wordpress.org/plugins/better-wp-security/ – offers a wide range of features.
http://wordpress.org/plugins/bulletproof-security/ – protects your site via .htaccess.
http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ – adds a firewall to your site.
http://wordpress.org/plugins/sucuri-scanner/ – scans your site for malware etc.
http://wordpress.org/plugins/wordfence/ – full-featured security plugin.
- Strong Passwords
Your security is only as good as your password. If you’ve got a simple password, you’ve got a simple site to hack. You need to use strong passwords. Your password should have numbers, capitals, special characters (@, #, *, etc.) and be long and unique. Your WordPress password can even include spaces and be a passphrase. Don’t use the same password in multiple places. Yes, remembering different passwords for different sites is tough, but a hacked site is worse.
- Manage Users
Your own strong password is useless if another admin has a weak one. You need to manage your users. Not everybody needs admin access. The more people with admin access, the more chances to hack your site. Make sure you're only giving admin access to the people who truly need it. And make sure those few admins are following good security practices. Remember to update or remove users when you have staff transitions.
- Back It Up
If anything ever goes wrong with your site, you want to be able to get it back up quickly. That means you need a backup plan. In order for backup to work, it needs to be complete and automatic. Backing up your database isn’t enough. That will save your content, but you’ll still have to rebuild your entire site, including theme tweaks and plugin settings. And if your backup isn’t automatic, you’ll forget about it.
Get a powerful backup tool such as BackupBuddy to keep your site safely backed up and ready to be restored.
- Use secure hosting
Hosting plays an important role in securing your WordPress website. When choosing a hosting provider, don't go with the cheapest. Do your research, and make sure you use a well-established company with a good track record for strong security measures.