Blog

WordPress Security: How to Protect Your Site from Attacks and Hackers

Posted by in Privacy and Security, Web Development


Because of its widespread usage, WordPress sites are popular targets for spammers, hackers, and internet creeps. In this post, we explore WordPress security and offer several ways to protect your website.

It’s important to protect your site from spammers and hackers. Fortunately, there are a number of solutions from WordPress and the community that can help you deter potential security issues. Additionally, it’s a good idea to take some preventive measures to minimize potential damage from a cyber attack.

How Can I Protect my Site?

Aside from universal truths applicable to all computer security—no, “password” is not a good password—there are several steps you can take to keep WordPress secure. Be forewarned, it takes constant vigilance. There is no “set it and forget it” solution. However, there are a number of tools that make the process pretty pain-free.

Keep Your Website Up-to-Date

There are a lot of smart hackers and spammers out there. Fortunately, a lot of WordPress developers are pretty smart, too. When a security vulnerability is discovered, it gets patched up and added to the next release. For this reason, it’s always a good idea to make sure that your WordPress installation is up to date with the latest version.

This is a good first step, but you’re not done yet. The most likely vulnerability in WordPress isn’t actually from your WordPress installation itself; it’s the plugins you have installed on your site.

WordPress Plugins: Go Light and Be Choosy

In addition to adding serious bloat and load time to your site, plugins represent a serious potential security threat. The WordPress core and its proposed changes are scrutinized by numerous, savvy developers. In contrast, anyone can create and distribute a plugin without any oversight. While this offers great flexibility and customizability, it also means that some plugins are made by inexperienced developers who leave gaping security holes in your system.

  1. Choose new plugins wisely. You don’t have to be a developer to evaluate the quality of a plugin. WordPress 4.0 makes this process easier than ever before. Pay special attention to a plugin’s user rating, when it was last updated, how many downloads it has, what percentage of support threads in the last two months have been resolved, and its compatibility with your version of WordPress. These indicators should give you a pretty good sense of the plugin’s quality.
  2. Evaluate your current plugins. How often do you use the plugin? What added value does this plugin offer to your users? How does that added value compare with how well written the plugin is? Bottom line: if you don’t use it, or it doesn’t add much value, uninstall it.
  3. Keep your plugins up-to-date. Just as keeping your WordPress installation updated is important, it’s also important to make sure your plugins stay current. Before you update them, however, check each plugin’s compatibility to make sure it won’t break your site.

WordPress Security Plugins

However, don’t think that plugins are your enemy. A number of WordPress plugins actually provide added security for your site. WordFence is a good one-plugin-fits-all solution that addresses many security concerns. It scans your database and website files looking for infections or vulnerabilities. It also lets you lock out users who have too many consecutive failed password attempts.

Back Dat Site Up

Taking preventive measures against attacks is critical, but once your site is compromised, how do you get it back? If you’re not a developer, diagnosing the problem may be difficult. Fortunately, you made regular backups, right? You can restore your site to a previous (hopefully uninfected) version. If you’re not comfortable backing up your WordPress database yourself from the terminal or phpMyAdmin, there are a number plugins that will do it for you, like WP Migrate DB.

WordPress in an awesome tool for you to use when building and maintaining your website, however WordPress security can be tricky. Keeping your site safe is an ongoing process. Hopefully some of the resources and tips you read about can help you prevent anything disastrous from happening to your work. It is always good to update your site with the latest security patches to ensure that you have the most up to date software patches and security plugins.

Need some help with WordPress security? Mightybytes offers basic website maintenance and support services to keep your website safe and secure. Drop us a line and let us know how we might help. You can also check out this post covering five tips to keep your website from getting hacked.

Mightybytes is a Chicago-based digital agency and Certified B Corporation. Connect with us on Twitter or get in touch via our contact form.