WordPress Website Security 101

4 Quick Steps for Securing Your Website Against Attacks

The best thing about the WordPress platform is the fact that it is open-source – this means that it is not only free to use, but that a community of hundreds of thousands of people around the world is constantly developing new tools, functionalities and plugins that can be easily installed onto a website (often for free) with a click of the mouse. The worst part about the WordPress platform is that this often leads to higher levels of hacking and security attacks on the platform – because the source code is readily available, those who are inclined to do so can download it and look for holes or soft-spots through which they can enter your website.

But never fear! There are some simple steps that you can take as a website owner that can drastically reduce the chances of your website getting infiltrated and increase your WordPress website security.

Why do websites get hacked?

There are a few different reasons why websites get hacked – sometimes it is just for the fun of it, but often it is to exploit the website’s resources. E-commerce websites, along with websites that have large databases of users and sites that generate large quantities of traffic, are more at risk of being hacked. This is because the attacker (who is actually often a ‘robot’, btw, that searches the internet looking for WordPress websites and then pokes the ‘soft-spot’ to see if it can get in) wants to steal your user database or redirect your large quantities of website traffic to their own websites.

What can I do to stop the attacks?

You cannot stop the attacks. The best you can do is protect yourself against the attacks and make it harder for them to penetrate your site. I have outlined my top 4 steps for protecting your WordPress website against security attacks below:

  1. Strong Username and Password – This one is pretty straightforward, yet commonly overlooked. It is not enough to just have a strong password; you also need a strong username. If your username is ‘admin’, the name of your business or your own name, then log in and change it now.
  2. Update Your Plugins – When you log in to WordPress and you see a little orange circle with a number in it next to the ‘plugins’ or ‘updates’ tab in the left side bar, that means that you have plugins on your website that need to be updated. Often, when the developer becomes aware of a hole or a ‘soft spot’ in their plugin, they go in and patch it up and then release an updated version of the plugin – updating your plugins as soon as you see them is the best and fastest way to reduce the number of soft spots on your website.
  3. Backup Your Website – Every time you make any major updates to your website, back it up. That way, if your site does get attacked, the quickest and easiest way to remove the attack is to delete your site completely and then reload your backup (as long as the backup was taken before the site was infiltrated). I use a plugin called Backup Buddy to do my backups and I download and store the backup off-site, but you can usually also do a full backup through your cPanel, FTP or by requesting it from your hosting provider.
  4. Security Plugins – There are quite a lot of security plugins available that have different functionalities; some will change your login address (from the standard ‘/wp-admin’ to something unique that only you know), others will block IP addresses or failed login attempts (if someone tries to log in with the username ‘admin’ unsuccessfully 3 times or more they will be blocked). I would recommend installing some of these, especially if you have been attacked in this manner in the past.
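
If you (or your host) have command-line access to the server, the first three steps can be checked in one go. The script below is an added example, not part of the original post; it assumes WP-CLI (the `wp` command) is installed, and the script name, the paths and the extra guessable names are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Needs WP-CLI ("wp") on the server.

# Step 1: read usernames on stdin, print the guessable ones. Arguments are extra
# single-word names to treat as guessable (business name, your own name).
flag_guessable_usernames() {
    guessable=$(printf '%s ' admin administrator root test "$@" | tr '[:upper:]' '[:lower:]')
    while IFS= read -r login; do
        lower=$(printf '%s' "$login" | tr '[:upper:]' '[:lower:]')
        for name in $guessable; do
            if [ "$lower" = "$name" ]; then printf '%s\n' "$login"; fi
        done
    done
}

# Step 2: read "name,status,update,version" CSV on stdin and print every plugin
# with an update waiting. Inactive plugins count too: their files are still on the server.
plugins_needing_update() {
    awk -F, 'NR > 1 && $3 == "available" { print $1 }'
}

# Step 3: database dump plus site files, named by date. Keep the backup directory
# outside the web root (the dump contains your user table) and copy it off-site.
backup_site() {   # $1 = WordPress directory, $2 = backup directory
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$2"
    wp --path="$1" db export "$2/db-$stamp.sql"
    tar -czf "$2/files-$stamp.tar.gz" -C "$1" .
}

audit_site() {    # $1 = WordPress directory, $2 = backup directory, rest = guessable names
    site=$1; dest=$2; shift 2
    echo "Guessable usernames:"
    wp --path="$site" user list --field=user_login | flag_guessable_usernames "$@"
    echo "Plugins needing an update:"
    wp --path="$site" plugin list --fields=name,status,update,version --format=csv \
        | plugins_needing_update
    backup_site "$site" "$dest"
}

# Runs only when given arguments, e.g. (placeholder paths and names):
#   sh wp-check.sh /var/www/html /srv/wp-backups mybusiness janesmith
if [ "$#" -ge 2 ]; then audit_site "$@"; fi
```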

Please note, these four steps aren’t a fool-proof solution for website hacking – they will just reduce the chances of your site getting hacked by making it harder to do so, and also ensure that you have a backup plan if your WordPress website does get attacked. If you’d like more info on WordPress website security or would like to organise a consultation/training session where you’ll be taught how to implement these steps yourself, give me a call on 0413 844 190 or email me at bek@bekonstructivemarketing.com.au.

12 Comments

  • Jasa SEO

    Keep on writing, great job!

    • Bek

      Thanks Jasa!

  • radioheadtshirts

    What’s up, this is somewhat off topic but I was wondering if blogs use
    WYSIWYG editors or if you have to manually code with HTML.
    I’m starting a blog soon but have no coding experience so I wanted to get advice from someone with experience.
    Any help would be greatly appreciated!

    • Bek

      Hi Radioheadtshirts,

      Depends on which platform you are using, but most CMS or blog programs will incorporate a WYSIWYG editor. WordPress, which is the platform that I’ve built my own website on and which is my preferred platform, has a WYSIWYG editor that also allows you to view the HTML code view – so you can build the page on WYSIWYG and then if you need to look ‘under the hood’ to fix any minor errors you can. There are also a tonne of great free plugins that add extra features like shortcodes and sliders to your WYSIWYG editor available on the WordPress platform.

  • Melva Barrera

    Nice post. I learn something new and challenging on websites I stumble upon on a
    daily basis. It’s always exciting to read articles from other writers and use
    something from other sites.

  • Kologi Bygges

    Hey very nice blog!

  • IssacJMeloan

    I couldn’t resist commenting. Well written!

  • Desmond Latham

    I adore it when people come together and share views, great blog, keep
    it up.

  • Gary A Lackett

    Hi there! Do you know if they make any plugins to help with Search Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results. If you know of any please share. Appreciate it!

    • Bek

      Hi Gary!

      Yes, there are heapppppps! My personal favourite is called SEO Yoast – it does all of the standard stuff like allows you to add in your meta data, plus it has a red/amber/green colour system that indicates how well your pages ‘may’ perform in Google. It also gives you tips and hints like adding more words to a page or improving its readability annnnnnnd it also allows you to add a separate set of metadata especially for social platforms.

  • Hammertoe

    With having so much written content do you ever run into any issues of plagiarism or copyright
    infringement? My website has a lot of completely unique content I’ve either authored myself or outsourced but it appears a lot of it is popping up all over the internet without my agreement. Do you know any methods to help stop content from being stolen? I’d certainly appreciate it.

    • Bek

      Hi Hammertoe,

      Plagiarism and copyright on the internet are big problems – if someone wants to take your content and re-use it, there is not a lot that you can do to stop it to be honest. That being said, Google identifies this as being a big issue as well and does its best to identify the original author of content – if your content is time stamped and is three months older than someone who has copied or stolen your content then you are going to rank and the copycat version will not rank. Furthermore, if a website is made up of almost entirely stolen content then they will eventually find themselves onto Google’s blacklist, meaning that they will no longer rank in Google’s search engine results pages at all.

      When you do find your content being re-purposed, I would recommend reaching out to the website owner and letting them know that you are the original author and asking them to either reference you or to remove the content. A lot of the time, you may find that the website owner has employed someone else to create and load the website onto their website and has no idea that it is not original content – they have been lied to by a staff member or contractor who has told them that they wrote something original when really they cheated and pulled someone else’s content from the net. If you let them know it is yours, they will be happy to remove or at the least state you as being the original author.
