Monday, December 2, 2019
Why You Need to Improve WordPress Security (And How to Do It)
WordPress popularity is both a blessing and a curse. On the one hand, its users have access to a gigantic library of tools to help enhance their websites. On the other, it presents a very attractive target for malicious attacks. Thats why learning how to improve WordPress security is essential.(Chart by WordPress Charts and Graphs Lite.)It sounds like a complicated subject ââ¬â especially if you dont have a background in web development ââ¬â but its actually relatively simple. In fact, a few simple tweaks here and there are often enough to dramaticallyà improve WordPress security.In this post, well present four tweaks to improve WordPress security of your website, including step by step instructions, and what makes each of them so important to your websites safety. Lets get started!Why you need to improve WordPress securityAs we mentioned, WordPress popularity paints a giant target on its back when it comes to security. This isnt to say if you use it, you will face security breaches, but its always a possibility.Some of the most common sources of WordPress vulnerabilities include:Not backing up your files. Backups are vital from a security standpoint. If you ever run into a serious security issue, having a recent backup of your site can save you lots of headaches.Vulnerable login pages. Unsecured login pages are the most common target for WordPress attackers. A good start here is to maintain high standards when it comes to username and password complexity.à Reusing passwords or setting simple ones is a bad idea in general, but doubly so when it comes to WordPress.Using the default database prefixes. This is another common attack vector for WordPress, and theres noà reason to stick to default database prefixes on new installs.Outdated core files, themes, and plugins. This one is pretty simple to tackle. Dont install unnecessary themes or plugins, and discard those that havent been updated in a while.As you can see, most of the items on this list ar e pretty simple to deal with. A little common sense will get you far, but were fans of going the extra mile ââ¬â so lets discuss how to tackle each more thoroughly.4 simple steps to improve WordPress securityWe want to keep things simple, so well be introducing you to several tools you can employ to protect your site from each vulnerability. When possible, well also link to more advanced resources for your peace of mind. Lets get right to it!1. Set up a backup solutionSetting up good backup solution should always be one of your first steps after installing WordPress on a new site. Your web host might provide you with an internal solution in some cases ââ¬â if youre not sure whether yours does, take a look at your sites cPanel or contact their support team.Either way, we still recommend that you set up a backup solution of your own, since this will provide you with a greater degree of control. Weve talked about backup pluginsà in the past, but if you want a reliable and fre e solution fast, you can go with UpdraftPlus: UpdraftPlus WordPress Backup Plugin Author(s): UpdraftPlus.Com, DavidAndersonCurrent Version: 1.16.17Last Updated: September 12, 2019updraftplus.1.16.17.zip 96%Ratings 29,914,741Downloads WP 3.2+Requires After installing the plugin, a new option will appear under Settings on your WordPress dashboard. Here, youll have access to the three functions that lie at the core of UpdraftPlus ââ¬âà Backup Now,à Restore, andà Clone/Migrate:Selecting the Backup Now option will prompt you to choose whether to include your database and media files:Once youve clicked Backup Now, and waited a few moments, ità will appear on your main backup list, and youll have the option to use the Restore function if necessary. Easy, right? In only a few minutes, youve took the first crucial step inà making your site more secure.2. Secure your login pagesBefore we dive any further into this topic, we want to reiterate that secure usernames and pas swords are the most basic measure you can take to improve WordPress security. Dont useà admin as your username, and consider using a password manager if you dont want to memorize a complex password.Moving on, when it comes to more advanced measures, there are three steps you should take:Limit the number of possible login attempts, whichà makes it harder for attackers to brute-force their way in.Enable CAPTCHAsà to combat bots.Employ a two-factor authentication solution.The Wordfence security plugin helps withà stepà oneà by enforcing good login security practices: Wordfence Security Firewall Malware Scan Author(s): WordfenceCurrent Version: 7.4.0Last Updated: August 22, 2019wordfence.7.4.0.zip 96%Ratings 135,846,747Downloads WP 3.9+Requires It also includes a number ofà other features, which warrant further attention. Whileà not the only option, its one of the top security plugins currently available.3. Modify the default database prefixWhen installing Word Press, you have the option to set a custom database prefix. This is a solid security practice, but easy to overlook if youre not aware of the security downsides:Modifying the prefix of an existing install is a bit more complicated since it involves tinkering with your wp-config.php file, but it can be done. DigWP goes in depth into the process ââ¬â its lengthy, but easy to follow. Of course, if you followed step one, youll have a good clean backup in case you need to roll back.4. Manage your update settingsWeve already touched onà keeping your WordPress core files, themes, and plugins up to date. Plugins are the most complicated of the bunch ââ¬â a lot of sites tend to go overboard with them, which can make updateà management a hassle.Instead of constantly monitoring your plugins for availableà updates, we recommend using a tool to do it for you. Our favorite is Easy Updates Manager, which enables you to turn on automatic updates for your entire site: Easy Updates Ma nager Author(s): Easy Updates Manager TeamCurrent Version: 8.1.0Last Updated: October 17, 2019stops-core-theme-and-plugin-updates.8.1.0.zip 96%Ratings 2,544,808Downloads WP 4.6+Requires Best of all, this plugin includesà micromanagement options, enabling you to choose which parts of your site should update automatically. The plugin provides you with a simple control screen, which letsà you toggle these options on or off with a single click:ConclusionWordPress is an amazing solution, but its popularity makes it aà target for malicious attacks. While using WordPress doesnt necessarily mean your site will come under fire, its always good to follow best security practices.In this post, weve presented four tweaks that can help harden your site to the point where security worries (almost) become a thing of the past. Lets go over the stepsà one final time:Employà a backup solution.Secure your login pages.Change the default database prefix.Manage your update settings.Do you have any questions on how to improve WordPress security? Is your site secure? Feel free to speak up in the comments section below!
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.