Most people are happy enough to have their site live on the web, but far too few follow some basic WordPress Security Tips.
This is an evolving list and will never be finished, so I’ll continue to update it with new plugins, software, and tips to help you keep your WordPress site safer.
Why should you care about WordPress Security? If you don’t, then your site can become an easy target for hackers, spammers, and other nefarious types.
What’s the worst that can happen if you don’t care? Hmm…your hosting account can be cancelled without refund, your site could be taken offline, your domain could be placed on a blacklist as a SPAM server, someone could gain enough information to steal your identity, and possibly even legal issues.
Really? All of that could actually happen? Yes to you, BUT there’s good news.
Whew. A few simple things can put your mind at ease.
Here are my top 5 WordPress Security Tips:
- Install a security plugin like WordFence. The free version is seriously amazing and is what I use. You can install it within WordPress plugins “Add New…” by typing “wordfence” (no quotes) in the search window. You can read more about it here: https://wordpress.org/plugins/wordfence/
- If you’re on a Linux host, then add this line to your .htaccess file:
Options All -IndexesWhat does it do? It prevents anyone from browsing your Uploads and other folders to see what’s in them.
- Your Administrator accounts username should NOT be “admin” or “administrator” – these are very common and hackers look for them. You should name these things like “mysiteadm” or similar.
- All accounts MUST have complex passwords. What’s that? A password like this: 7&!e@G5ey%Fx
Wait – I can’t remember that. Solution – store your password using one of the many password managers.
- Keep WordPress and all plugins updated to the latest versions.
There are far more security precautions that you can take, but these 5 things alone will make your site more secure than most out there.