Secure Your WordPress Site

There are currently millions of WordPress sites online. This makes WordPress a big target for hackers, as a single exploit can be used to attack a large number of sites.

Now I’m no security expert, and by no means is this everything you should do, but I think I have the basics down, and these are my minimal recommendations for all self-hosted WordPress sites.

Security Tips

WordPress Updates

Always keep WordPress installations up to date. Not only do updates add nice new features, they also fix bugs that could otherwise leave your site vulnerable to hackers.

Passwords

All passwords should be long and complex. This means they should be 14+ characters and contain letters (upper and lower), numbers & symbols for maximum protection.

Here is a site to generate random passwords: http://passwordsgenerator.net/

Plugins

A lot of sites install plugins, use them for a while, maybe disable them and then forget about them. Verify that plugins are legitimate before installation as well; they may be fake or contain malicious code.

  • Unneeded plugins may be a security risk. Remove any unused plugins from your site.
  • Plugins that are not kept up to date may be, or may become, a security risk.
  • Remember, another plugin is another thing that can be exploited, so don’t go overboard with plugins.

One plugin I strongly recommend is iThemes Security (formerly Better WP Security). It provides a large range of security options to help protect your site from known and unknown attacks. It is light on system resources and can help reduce spam. It can take a bit of configuration and not all the settings will suit every installation, so be careful and test them thoroughly.

http://wordpress.org/plugins/better-wp-security/

Themes

The same goes for themes as it does for plugins.
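The plugin and theme advice above (remove what is unused, update what is kept) can be checked mechanically. The following is an added example, not part of the original post: it parses the JSON printed by WP-CLI's `wp plugin list --format=json` or `wp theme list --format=json`. It assumes WP-CLI is installed on the server; the sample data and the `example-*` names are constructed.

```python
import json
import sys

# Constructed sample of `wp plugin list --format=json` output (not a real site).
SAMPLE_PLUGINS = """[
  {"name": "example-cache",   "status": "active",   "update": "none",      "version": "1.4.0"},
  {"name": "example-forms",   "status": "inactive", "update": "none",      "version": "3.1.2"},
  {"name": "example-gallery", "status": "active",   "update": "available", "version": "2.0.1"},
  {"name": "example-slider",  "status": "inactive", "update": "available", "version": "0.9.0"}
]"""


def audit(wp_cli_json):
    """Classify plugins or themes from WP-CLI JSON into removal and update lists."""
    findings = {"remove": [], "update": []}
    for item in json.loads(wp_cli_json):
        name = item.get("name", "<unnamed>")
        if item.get("status") == "inactive":
            # Unused code is still on disk; the advice is to remove it,
            # so an inactive item is never listed as "update" instead.
            findings["remove"].append(name)
        elif item.get("update") == "available":
            # In use but behind the latest release: update it.
            findings["update"].append(name)
    findings["remove"].sort()
    findings["update"].sort()
    return findings


def report(findings, kind="plugin"):
    """Render the findings as human-readable lines."""
    lines = [f"REMOVE unused {kind}: {n}" for n in findings["remove"]]
    lines += [f"UPDATE outdated {kind}: {n}" for n in findings["update"]]
    return lines or [f"No unused or outdated {kind}s found."]


if __name__ == "__main__":
    # Usage: wp plugin list --format=json | python3 audit.py
    # With no piped input, fall back to the constructed sample.
    data = SAMPLE_PLUGINS if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(report(audit(data))))
```

Run it once against the plugin list and once against the theme list; an empty result means nothing is unused or waiting on an update.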

CloudFlare

This is an excellent DNS service with security and CDN functions. http://www.cloudflare.com/

  • It protects your origin server by hiding your IP address, which prevents hackers from directly accessing your servers.
  • It filters out known attacks and spammers, reducing the chance of your site getting hacked.
  • It speeds up the experience for visitors. Images and static content are cached globally around the world in its CDN.
  • The CDN helps save your server bandwidth. Less bandwidth usage means less server load and less cost. Win-win.
  • Best of all it is completely free! There are also paid plans but the free plan will be good for the majority of people.