If you’ve decided to run your website on WordPress because it’s a well-known, secure content management system (CMS), keep in mind that it’s vulnerable to hackers (just like any other CMS). Yes, WordPress is very secure and happens to be the #1 network for websites in the US, but it’s not invincible against every spammer, hacker and bug lurking on the web. If a CMS claims to be invincible, we give you permission to call its bluff with a chuckle.
A WordPress website can be attacked in more ways than one. Bots are always trying to find a snippet of code that gives them login access, hackers attempt to inject malicious code without you noticing, and spammers post thousands of spam comments to slow your website down. The World Wide Web can be a scary place, and if you’re not cautious your website could become more than just a “spammy” website; it can become harmful to both your computer and your visitors.
Luckily, there are some fool-proof best practices you should (not can, but should) implement to ensure your WordPress website doesn’t fall victim to hackers.
1. Keep WordPress, Plugins and Themes Updated
This is number one on our list for a reason; it’s both the simplest and most effortless way to protect your website. Make sure you update your WordPress version as soon as a new one is released, since the newest version comes with new security patches. Your WordPress plugins and themes are also rolling out new versions on a regular basis, so make sure those are up to date too.
2. Back Up Your Website
This should be a no-brainer, as your website could crash for more reasons than just hackers and spam. Sometimes, your plugin updates may not go smoothly, so it’s nice to have a backed-up version of your website to pull a working plugin file from. There is plenty of software that offers daily backups (we use ManageWP) so you can even pull files from a specific date.
3. Change the Admin User’s Name
When you build your WordPress website, the default WordPress username is admin. Even if you didn’t know this, hackers do, and they will try to use this username to hack into your website. After you create your website, remember to set up a unique admin username for yourself and delete the user named admin.
4. Install an Anti-Spam Plugin
Akismet is used to fight off spam attacks that try to slow down your website with thousands of blog post comments. This plugin is free and available here. Just make sure it’s always up to date with the latest version!
5. Delete Any Unused Plugins
If you’ve stopped using certain plugins for your website, be sure to delete them entirely from your website. These plugins are often a gateway for hackers to get access to your website; they find a hole or security issue in an outdated version of the plugin. No matter how they get in, it’s wise to get rid of these deactivated plugins as soon as you stop using them. If you choose to use one again in the future, simply download it like you did initially and upload it to your website.
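Tips 1, 3, 4 and 5 can be checked together with a small script. The following is an added example, not part of the original post: it assumes WP-CLI is installed and reads the JSON that `wp plugin list` and `wp user list` produce. The sample JSON is constructed for illustration, and the plugin names other than akismet are hypothetical.

```python
import json

# Constructed sample of:
#   wp plugin list --fields=name,status,update,version --format=json
PLUGINS_JSON = """[
  {"name": "akismet",      "status": "active",   "update": "none",      "version": "5.3"},
  {"name": "hello",        "status": "inactive", "update": "none",      "version": "1.7.2"},
  {"name": "contact-form", "status": "active",   "update": "available", "version": "2.0"},
  {"name": "old-slider",   "status": "inactive", "update": "available", "version": "0.9"}
]"""

# Constructed sample of:
#   wp user list --role=administrator --fields=ID,user_login --format=json
ADMINS_JSON = '[{"ID": 1, "user_login": "admin"}, {"ID": 7, "user_login": "site-owner-jk"}]'


def audit(plugins_json, admins_json):
    """Return what to update, delete and rename, per tips 1, 3, 4 and 5."""
    report = {"update": [], "delete": [], "rename": [], "antispam_active": False}
    for plugin in json.loads(plugins_json):
        name, status = plugin["name"], plugin["status"]
        if status == "inactive":
            # Tip 5: a deactivated plugin is deleted, not updated, even when
            # an update is available; its files are still on the server.
            report["delete"].append(name)
            continue
        if plugin["update"] == "available":
            report["update"].append(name)          # Tip 1
        if name == "akismet" and status.startswith("active"):
            report["antispam_active"] = True       # Tip 4
    for user in json.loads(admins_json):
        # Tip 3: flag the default login name, whatever its letter case.
        if user["user_login"].lower() == "admin":
            report["rename"].append(user["user_login"])
    return report


if __name__ == "__main__":
    for key, value in audit(PLUGINS_JSON, ADMINS_JSON).items():
        print(f"{key}: {value}")
```

On a live site, replace the two constants with the output of the commands shown in the comments.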
Along with these security tips, there are other basic security practices you should be doing with anything that requires a login, including changing your password every three months and requiring your password to have a mix of numbers and case-sensitive characters. Follow these guidelines on a daily basis and you’ll instantly decrease your chances of being hacked or spammed.