How safe is WordPress?
When suggesting WordPress for someone’s site or blog I often get a lot of sceptical reactions.
“You’re kidding, right? My site won’t be safe!” “Isn’t that easy to get hacked?” and the like.
I always convince my clients that WordPress really is the right choice, you just have to know what you are doing, and I want to do the same for you now.
The hack possibilities in WordPress
Sure, you can hack WordPress. But you can do that with Joomla, Wix, and whatever too. Even old-school HTML isn’t completely safe (and old-school for a lot of reasons). WordPress was a lot easier to hack when it was still in preschool and wasn’t being used by half the world for their websites. It has grown up, but unfortunately its hackable image stayed.
So WordPress got a lot harder to hack, but it still happens. Hackers like a challenge… So how can you make sure your website won’t get hacked?
Update your WordPress and theme regularly. When WordPress finds new vulnerabilities, they release a new version that fixes them. So by updating your WordPress you are making it harder on hackers.
Don’t use ‘admin’ as your login
Come on, we all know admin is the go-to name when you make a login. And you know what, so do those hackers! So remove the ‘admin’ user (or don’t make it in the first place) and make your login name something harder. Don’t go with the same name as your URL either…
Use strong passwords
Just as you shouldn’t use ‘admin’ as your login name, you shouldn’t use 1234 as your password. Use a strong password that is hard to guess. The best passwords are 4 words in one sentence that are totally not related. Something like ‘catscissorsquotecamera’, though you will also need to insert a number and a capital letter somewhere 🙂
Use supported themes
Not all themes play nice. Some are written by people who don’t know how to keep your website safe. However, there are a lot of paid themes whose makers know exactly what they are doing and, just like with WordPress, any vulnerabilities are quickly detected and fixed. So use a supported theme. Extra benefit: you get support when you get stuck.
Don’t use plugins from manufacturers you don’t know
Oh gosh, there are so many awesome plugins out there that do exactly what you want. And then there are so many others out there that may look OK, but that harm the integrity of the WordPress platform, leaving you vulnerable to hackers. Some plugins are even made especially to leave holes in the software so you can get hacked. So always check the maker of the plugin. Did he make more plugins? Does he have a high rating? Did a lot of people download it?
Use a security plugin
There are plugins out there that secure your website for you and defend you against attacks. I use iThemes Security for my clients and they have already locked out quite a few culprits that were trying to log in. Set your security so that people get blocked or timed out after a certain number of login attempts. Don’t let people log in in the middle of the night (unless you know your client really wants to log in at 4 in the morning…).
These security plugins also help do the hard stuff and tell you how to make your site even safer.
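To check whether the lockout and night-time settings described above are actually doing their job, you can review your web server's access log. The script below is an added example, not part of the original post and not iThemes Security's code; the log lines are constructed, and the thresholds (5 tries within 5 minutes, quiet hours from 00:00 to 05:59) and the 200/302 status convention are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache/nginx "combined" style (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:03:58:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
203.0.113.7 - - [12/Mar/2024:03:58:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
203.0.113.7 - - [12/Mar/2024:03:58:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
203.0.113.7 - - [12/Mar/2024:03:58:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
203.0.113.7 - - [12/Mar/2024:03:58:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
198.51.100.4 - - [12/Mar/2024:09:15:40 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
198.51.100.4 - - [12/Mar/2024:09:15:55 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.4 - - [12/Mar/2024:09:16:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 51234
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3}) ')

def review_logins(log_text, max_tries=5, window=timedelta(minutes=5),
                  quiet_hours=range(0, 6)):
    """Return (ips_over_limit, quiet_hour_attempts) for wp-login.php POSTs."""
    # Assumption: a failed login re-renders the form (HTTP 200), a successful
    # one redirects (HTTP 302).
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    over_limit, quiet = set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                 # not a login POST
        ip, stamp, status = m.group(1), m.group(2), m.group(3)
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if when.hour in quiet_hours:
            quiet.append((ip, when.isoformat()))
        if status != "200":
            continue                 # success or other response: not a failure
        fails = recent[ip]
        fails.append(when)
        while when - fails[0] > window:
            fails.popleft()          # drop failures outside the sliding window
        if len(fails) >= max_tries:
            over_limit.add(ip)
    return sorted(over_limit), quiet

if __name__ == "__main__":
    flagged, night = review_logins(SAMPLE_LOG)
    print("IPs that should have been locked out:", flagged)
    print("Login attempts during quiet hours:", len(night))
```

If an address shows up in the first list and keeps appearing in later log lines, the lockout setting in your security plugin is not taking effect.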
Oh, and don’t forget to make regular backups so that when you get hacked, you can just put an older version of the site back and you are good to go. Backups are great for more reasons than just this one, but it’s one where you would rather be safe than sorry.
Do you have an extra tip for keeping your WordPress website safe?