With high profile security incidents becoming more and more prevalent, it is essential for you to take some simple steps to protect yourself from hackers.

In today’s Podcast Episode and post, you will get several simple WordPress security tips from not just myself, but several community members that have either been hacked previously or have taken proactive steps to protect their sites.

Be sure to subscribe and listen to today’s Podcast Episode via one of the links above, for 2 additional bonus tips not mentioned below.

Simple WordPress Security Tips

Always Use Domain Privacy – If you don’t, you’ll not only get inundated with spam from people selling services, but you will also be subject to additional scams, phishing attempts and others trying to trick you into transferring your domains over to them.

For domain registrations, I recommend you keep them separate from your hosting account and I utilize and endorse NameCheap. They are my go-to choice for inexpensive registrations and just as importantly, consistent and inexpensive renewals. They provide free domain privacy when you register a new domain name.

Set Domains For AutoPay – This isn’t necessarily a security tip, but it was a good tip from a community member to avoid losing your important domain assets and prevent yourself from being subject to scammers.

People are always watching for expired domains and they can purchase your domain names if they expire and try to sell them back to you for highly inflated prices. At a minimum, stay on top of your domain renewals and be sure to renew them in advance to avoid being hijacked.

Change Your WordPress Login Account / Password – One thing I always recommend when installing WordPress is to not only make your password unique and highly secure for each of your websites, but also change the default account name from admin to something else.

When hackers attempt brute force login hacks on your website, they will most likely be trying the default admin account, since most people probably do not change it from the default.

Changing the default account is easy to do during the WordPress installation, but a little more difficult after the fact. There are some manual ways to do so, but I’d recommend using a plugin like Username Changer to make things easier. Then when you are done, just uninstall the plugin.

And also, be sure to have different accounts/passwords for each of your websites and do not utilize a password that you use for other online accounts.

These days it is becoming more and more common for user names and passwords to end up being released to hackers on the “dark web”.  Some high profile hacks of accounts and passwords include LinkedIn and Yahoo Mail.

When lists like that become public, hackers can attempt to connect your account/passwords with other sites such as financial sites and other assets you might have like websites and online businesses.

For that reason, I highly recommend you have a different username and password for each of your websites and keep them completely different from any other account/password like email, bank accounts, etc.

Always Install a Plugin That Limits Repeat Logins – Brute force login attacks are one of the most common ways people will attempt to hack your website. They will hit the login page of your website over and over, trying known or obvious login/password combinations.

A plugin which limits login attempts can block repeated attempts from the same source, in an effort to prevent login related hacks.

There are lots of different plugins out there that can help with this one. It’s always best to limit the number of plugins that you utilize, to keep your sites running faster, and the fewer plugins you have, the fewer you have to keep up to date.

The JetPack plugin from the folks at WordPress is a popular plugin for a number of different things and it has a security module that will limit login attempts. If you’re already using JetPack for other things like optimizing images, related posts, social sharing or some of the other features, this would be a great way to limit login attempts as well.
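To show the rule a login-limiting plugin applies, here is an added example (not from the original post and not JetPack's code) that reads web server access log lines and reports which sources would be blocked. The threshold of 5 failures in 5 minutes, the log format and the sample log are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Start of a combined-format access log line: client IP, time, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def failed_logins(lines):
    """Yield (ip, time) per failed login. Assumption: WordPress answers a failed
    POST to wp-login.php with 200 (form shown again) and a successful one with 302."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format
        path = m["path"].split("?")[0]
        if m["method"] == "POST" and path == "/wp-login.php" and m["status"] == "200":
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def sources_to_block(lines, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: time of the failure that reached max_failures inside window}.
    Lines must be in time order, as they are in a real access log."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for ip, ts in failed_logins(lines):
        if ip in blocked:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked[ip] = ts
    return blocked

def _line(ip, hms, method="POST", status=200):
    return (f'{ip} - - [12/Mar/2024:{hms} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 1234 "-" "constructed"')

# Constructed sample log using documentation-range IPs, not real traffic.
SAMPLE_LOG = sorted(
    [_line("203.0.113.7", f"10:00:{s:02d}") for s in range(0, 12, 2)]  # 6 rapid failures
    + [_line("198.51.100.4", f"10:{m:02d}:00") for m in range(0, 50, 10)]  # 5 slow failures
    + [_line("192.0.2.10", "10:01:00"), _line("192.0.2.10", "10:01:20", status=302),
       _line("192.0.2.10", "10:02:00", method="GET", status=200)],  # one typo, then success
    key=lambda ln: ln.split("[")[1][:20],
)

print(sources_to_block(SAMPLE_LOG))
```

Only the rapid source is reported. The source that spaces its failures ten minutes apart stays under a 5-minute window, which is one reason to pair login limiting with unique passwords and 2 Factor Authentication.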

Utilize 2 Factor Authentication – Another way to limit brute force login attempts is to utilize 2 Factor Authentication. I’m sure most of you are aware of what that means, as many of your financial institutions and more and more other companies are requiring 2 Factor as part of your normal login routine.

This typically means that the company will either send you a unique PIN to a separate email account or mobile device or have you use a free app like Google Authenticator, as a second way of verifying you are who you say you are.

The JetPack plugin also provides a free way to enable this for your WordPress website.

Take Regular Backups and Store Them Offsite – Backups are essential for a number of reasons, but being able to restore your site in the event of a hack, ranks right up there.

What I mean by storing them offsite is that you set your backups to write to a location that is external to where your website is located. Most of the main backup and restore plugins help you do that with just a simple click or two.

I utilize and recommend the UpdraftPlus Backups plugin for this. You can easily store your backups offsite for free with their built-in integration with tools like DropBox, Amazon S3, etc.

With UpdraftPlus you can schedule recurring backups and I definitely recommend you do so, as a set it and forget it type thing for peace of mind. I also recommend taking backups after you create any new content or before updating WordPress and plugins.

Update WordPress and Plugins Often – One of the most important steps after securing your login/password, is to make sure you regularly update WordPress, plugins and themes. That is very easy to do inside your WordPress dashboard, as there is an “Updates” button inside the Dashboard towards the top.

I recommend taking a full site backup prior to installing any updates, as there is always a slight chance that an update can cause issues. Having a full backup will allow you to restore things to the way they were prior to any updates.

Jeff from the community recommended at least monthly updates, but I take things a step further and say to back up and update your site any time you publish new content. If you publish content daily, that might be a bit excessive, but I’d recommend at least doing updates every other week, to close any security holes that might pop up.

Check Plugins Details for Last Update – This is an important one that is often overlooked. Checking to see if your plugins are still being maintained is just as important as keeping them updated.

When you go to the Plugins tab in your WordPress dashboard and select Installed Plugins, you will usually see a “View Details” or “Visit Plugin Site” link.

Click that and check to see when the plugin was last updated.

If the last update date for the plugin was over a year ago, I’d highly recommend you search for a different plugin to accomplish what you need. Ideally you’re looking for a plugin that is updated weekly or monthly, to not only fix any bugs, but also to fix any security vulnerabilities that crop up.

Don’t Go With the Cheapest Bottom Dollar Hosting Company – Jeff found this one out the hard way after his site was hacked twice in 1 week several years back, due to no fault of his own.

Pay a bit more. Why? Because the bottom-dollar companies probably don’t have the funds to reinvest in infrastructure and security, or they’re just a re-seller and the infrastructure isn’t theirs anyway.

Always look for a good deal, but utilize companies with a proven track record, that people that you know personally have been very happy with over time.

The hosting company that I have utilized with success for over 7 years is WebHosting Hub. They have fast, secure and reliable hosting along with excellent 24/7 customer support, which is so important in the event you have any issues and need assistance.

Several members of the community have either signed up with Webhosting Hub as a new customer, or utilized their free transfer service to transfer from a host that they were unhappy with over to Webhosting Hub and I’ve heard nothing but good things since.

A bonus is that their rates are very competitive and I’m able to provide a discount that is not available to the general public, for being a member of the Niche Site Tools community.  Through my discounted affiliate link you will always get the lowest rate currently available and will be in good hands.

Install a Security Plugin – Having a security plugin is essential when scanning to see if your site has been hacked, but it is also an excellent tool to have enabled to help you identify any future issues right away.

There are several different well known plugins for this, two of the most popular are Sucuri and WordFence.

I installed both of them on all my sites prior to doing this post for review purposes and I think most of you will find Sucuri does a great job for helping identify if your site has any hacks or malware in place currently and in addition, they help you identify additional proactive steps to take.

For instance, when I first installed the plugin and scanned my sites, none of them had any current hacks or malware, which is always good. However, in the lower right they listed many recommendations for exactly how to increase security and plug potential threats that hackers have been known to take advantage of.

In addition, I immediately started to receive email updates anytime I logged into one of my websites, any time I updated a post, etc. That is helpful to know right away, in case someone does gain access to your site and makes unauthorized changes. That is fully customizable.

I found that WordFence was also helpful, but I needed to manually get an API key before I was able to scan my sites and it just wasn’t as user friendly as Sucuri.

However, if you are someone that is very tech savvy and is looking for more detailed and granular features, WordFence seems to provide a lot more in-depth features, but many of them will require an upgrade to their premium version.

If you find yourself in a situation where you suspect your website is hacked, here is a full step by step post from Sucuri on exactly how to clean a hacked WordPress website.

Conclusion

Today’s post and Podcast episode were a direct result of hearing about a recent hacking event that a community member, Chad, went through, along with tips and suggestions from another community member, Jeff, who was hacked 2x in one week several years back. Thanks also to Jeff for some great tips and suggestions.

We can’t always prevent every possible security event from occurring, but having an excellent proactive hosting company like Webhosting Hub, along with following the steps above can go a long way towards helping to prevent many of the most common hacking attempts.

Note, some of the links above may be affiliate links and if you click through and make a purchase, I may receive a commission, at no additional cost to you. 
