WordPress is the most popular Content Management System (CMS) and powers more than 30% of websites. However, as it grows, hackers have taken note and are beginning to specifically target WordPress sites. No matter what types of content your site provides, you are not an exception. If you don’t take certain precautions, you could get hacked. As with everything technology-related, you need to check your website’s security.
In this tutorial, we will share our 10 Best Tips to keep your WordPress website secure.
1. Choose a Good Hosting Company
The simplest way to keep your site secure is to go with a hosting provider who provides multiple layers of security.
It may seem tempting to go with a cheap hosting provider; after all, saving money on your website hosting means you can spend it elsewhere within your organization. However, don’t be tempted by this route. It can, and often does, cause nightmares down the road. Your data could be completely erased and your URL could begin redirecting somewhere else.
Paying a little bit more for a quality hosting company means additional layers of security are automatically applied to your website. As an additional benefit, good WordPress hosting can significantly speed up your WordPress site.
While there are many hosting companies out there, we recommend Namecheap or HostGator. They provide many security features, including daily malware scans and access to support 24/7, 365 days a year. To put the icing on the cake, their prices are also reasonable.
2. Don’t Use Nulled Themes
WordPress premium themes look more professional and have more customizable options than a free theme. But one could argue you get what you pay for. Premium themes are coded by highly skilled developers and are tested to pass multiple WordPress checks right out of the box. There are no restrictions on customizing your theme, and you will get full support if something does go wrong on your site. Most of all you will get regular theme updates.
But there are a few sites that provide nulled or cracked themes. A nulled or cracked theme is a hacked version of a premium theme, available via illegal means. They are also very dangerous for your site. Those themes contain hidden malicious code, which could destroy your website and database or log your admin credentials.
While it may be tempting to save a few bucks, always avoid nulled themes.
To ensure that you don’t use nulled Themes, I’ve provided 5 Premium WordPress Themes I’ve purchased and used in the past 2 years…themes that will make your Website look like a Million Bucks!
If you’re also interested in Blog Themes, I’ve got something for you here!
Bottom Line…NEVER USE NULLED THEMES!
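To see what "hidden malicious code" tends to look like in practice, here is an added example (not code from this article or from WordPress) that scans a theme folder for PHP obfuscation and unexpected account creation. The rule set, file names and sample contents are assumptions constructed for the demo, and every hit still needs a human review.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules (assumptions for this example): obfuscation and account
# creation are rare in legitimate themes, so each hit needs a human review.
RULES = {
    "eval-of-decoded-data": re.compile(
        r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
        re.I),
    "stacked-decoders": re.compile(
        r"\b(?:gzinflate|gzuncompress|str_rot13)\s*\(\s*base64_decode\s*\(", re.I),
    "long-encoded-string": re.compile(r"""['"][A-Za-z0-9+/=]{200,}['"]"""),
    "creates-user-account": re.compile(r"\bwp_(?:insert|create)_user\s*\(", re.I),
}

def scan_text(php_source):
    """Return (line_number, rule_name) pairs, in line order, for one file."""
    hits = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        hits += [(number, name) for name, rx in RULES.items() if rx.search(line)]
    return hits

def scan_theme(theme_dir):
    """Scan every .php file under theme_dir; return {relative_path: hits}."""
    root = Path(theme_dir)
    report = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

# Constructed sample theme: file names and contents are made up for the demo.
SAMPLE_THEME = {
    "functions.php": "<?php\nadd_theme_support('title-tag');\n",
    "inc/license.php": "<?php\n// placeholder payload\neval(base64_decode('Q09OU1RSVUNURUQ='));\n",
    "inc/setup.php": "<?php\nwp_insert_user(array('user_login' => 'placeholder', 'role' => 'administrator'));\n",
}

def demo():
    """Write SAMPLE_THEME to a temporary folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_THEME.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_theme(tmp)

if __name__ == "__main__":
    for file, hits in demo().items():
        print(file, hits)
```

A clean report does not prove a theme is safe; it only means none of these few patterns matched.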
3. Install SSL Certificate
Nowadays Secure Sockets Layer (SSL) is beneficial for all kinds of websites. Initially, SSL was needed to make a site secure for specific transactions, such as processing payments. Today, however, Google has recognized its importance and gives sites with an SSL certificate a more weighted place within its search results.
SSL is mandatory for any site that processes sensitive information, e.g. passwords or credit card details. Without an SSL certificate, all of the data between the user’s web browser and your web server is delivered in plain text, which hackers can read. With SSL, the sensitive information is encrypted before it is transferred between the browser and your server, making it more difficult to read and making your site more secure.
For websites that accept sensitive information, an average SSL price is around $70-$199 per year. If you don’t accept any sensitive information, you don’t need to pay for an SSL certificate. Almost every hosting company offers a free Let’s Encrypt SSL certificate which you can install on your site.
4. Use a Strong Password
Passwords are a very important part of website security and are unfortunately often overlooked. If you are using a plain password such as ‘123456’, ‘abc123’ or ‘password’, you need to change it immediately. While such a password may be easy to remember, it is also extremely easy to guess. An advanced user can easily crack your password and get in without much hassle.
It’s important you use a complex password, or better yet, one that is auto-generated with a variety of numbers, nonsensical letter combinations and special characters like % or ^.
If you have difficulty remembering your passwords, just like I do…I recommend you save them in Google Passwords or LastPass.
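The password advice above, as an added example (not part of the original article): a checker that rejects the weak passwords named in the text and a generator that draws from the operating system's secure random source. The 12-character minimum and the exact set of special characters are assumptions chosen for the example.

```python
import math
import secrets
import string

COMMON = {"123456", "abc123", "password"}   # weak examples named in the article
SPECIALS = "%^!@#$&*-_=+?"                  # assumed set of special characters
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)
ALPHABET = "".join(CLASSES)

def weaknesses(password, min_length=12):
    """List the reasons a password is weak; an empty list means it passes."""
    problems = []
    if password.lower() in COMMON:
        problems.append("common password")
    if len(password) < min_length:
        problems.append("too short")
    missing = sum(1 for chars in CLASSES if not any(c in chars for c in password))
    if missing:
        problems.append(f"missing {missing} character class(es)")
    return problems

def generate_password(length=20):
    """Random password containing every character class.

    Uses `secrets` (OS CSPRNG), not `random`, whose output is predictable.
    Whole candidates are redrawn until one passes, so no character position
    is biased toward a particular class.
    """
    if length < len(CLASSES):
        raise ValueError("length too small to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate, min_length=length):
            return candidate

def entropy_bits(length):
    """Approximate strength in bits of a random password of this length."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    print(weaknesses("123456"))
    print(generate_password(), round(entropy_bits(20)), "bits")
```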
5. Always Backup your Website…Always!
The most sensitive part of any WordPress site is the database. Plugins can be added back, themes can be re-installed, but if your WordPress database gets hacked or is corrupted then you are in big trouble. The database is where all the irreplaceable stuff is kept. Your posts, your pages, your content, your comments, everything that makes up your WordPress site is in the database. I recommend you use a premium Plugin called BackUP. With this plugin, you can easily and automatically back up your WordPress database and restore it to any point in the past that you like.
If you have a WordPress site this is something you absolutely need and best of all it’s my free gift to you! Don’t let all the work you put into your site go to waste because some hacker crashed your site or your database got corrupted.