WordPress is a tricky beast, there’s no getting around it. If you’ve never used it before (and even if you were raised on it) there are still innumerable lessons to learn the hard way.
You may have also read my previous post on WordPress Security Tips For Beginners In 2019. So this week I would like to talk about various do’s & don’ts of WordPress security. I hope this post will help you get more insights into WordPress security.
Whether you spend hours researching why your content isn’t displaying on search engines or lose your hair when dealing with the notorious white screen of death, WordPress doesn’t always make it easy for you to figure out that it was some small error on your part. Luckily, we’ve been through the ropes and have been continuously documenting the beginner errors we’ve made over the years.
Protect your WordPress website with these WordPress security basics! Review the do’s and don’ts of basic WordPress security, and some of the stumbling blocks that you need to keep an eye out for. It gives you peace of mind and can save you from a disaster. Feel free to comment below and we’ll add your tip here as well!
Your first instinct when you hear the word “hacked” might be to freak out. Don’t! The huge majority of the time, a hack doesn’t actually destroy your site or your brand. The good news is that we can probably fix it relatively easily.
Find a reputable online WordPress malware scanner and scan your website for common WordPress security vulnerabilities that hackers could misuse at any time in the future, if they have not already. Find out the root cause that led to the hacked WordPress site. There are many WordPress security services available online these days.
DON’T: Choose the wrong WordPress.
It’s definitely confusing, but there is a big difference between WordPress.com and WordPress.org. If you’re looking to start a small, personal blog for free then WordPress.com is the way to go. If you want control of your website and want to use it for business, then WordPress.org is definitely your technology of choice.
DON’T Assume Your WordPress Site Is Already Secure
One of the biggest mistakes we make is to assume that our WP site is secure unless we see a drop in traffic or some suspicious behaviour. But nowadays hackers are very intelligent: they can infect your website without letting you know, and the malware can stay hidden in your WP core for years. The best way to find out is to SCAN your WP site. You can use Wordfence, Sucuri or WP Hacked Help.
DO Install SSL or Let’s Encrypt Certificates
Installing an SSL certificate on your domain is easy and you can do it for free. SSL (Secure Sockets Layer) certificates protect the connection between your WordPress site and its visitors. You can buy inexpensive SSL certificates or add Let’s Encrypt certificates to your domains for free. pair makes it easy to access and install SSL and Let’s Encrypt certs on your site. You can do it right from the dashboard of your pair WP hosting account.
DO Install a WordPress Backup Solution
Just in case the worst happens, and a hack destroys your site, having a good backup solution in place can be a lifesaver. Many hosting plans, such as GoDaddy’s Managed WordPress hosting, Host & Protect or WP Engine, offer automatic backups.
DON’T: Install WordPress in the /wordpress subdirectory.
If you want WordPress to appear as the homepage to your website, it’s best to leave WordPress installed at the root of your server. Without knowing any better, many people add WordPress to the ‘/wordpress’ subdirectory (instead of just ‘/’ for the root) and their pages will now load at www.example.com/wordpress.
DON’T Give Admin Access to Users You Don’t Trust
Only give users you trust admin access to your WordPress site. You can give users different admin roles with varying permissions to limit their activity. Setting admin roles will give users access to the areas and tools they need without allowing free range. Too many users with complete control of your WordPress site increase security risk.
DO Keep Your WordPress Site, Themes, and Plugins Updated
The simplest and most direct way to protect your site, just as you would with your personal computer, is to keep it up-to-date. Install the latest plugin versions and keep WordPress updated. WordPress, by its nature, is a pretty secure CMS solution. Security updates are released regularly, and the only way to take advantage of them is to keep everything updated.
DON’T Install Unreliable Themes or Plugins
DO Find a Reliable Web Host
One of the biggest mistakes new website owners make is buying cheap hosting from the wrong companies. The most notorious example is buying hosting from a domain registrar like GoDaddy – akin to buying sushi at an Italian restaurant. Research this choice heavily as it will impact your site speed and security immensely.
One of the biggest benefits that you can receive from the right hosting provider is a significant performance boost for your WordPress site.
It’s no secret that page load time is vital for the success of your business. Whether you produce content or want to sell a product on your website, the speed of the information delivery can make the difference between gaining new customers or losing them to your competitors.
DON’T Use the Same Password Everywhere
It turns out that most of us use the same passwords over and over across multiple sites. This is really bad for us, and really great for hackers. Change your passwords now! Remember to create a strong password.
DO Remove Unused Logins and Plugins
DON’T Keep Default “Admin” Username
WordPress is prone to brute-force attacks. If you keep the ‘admin’ username, hackers will have a very easy time guessing the username because it’s the default! This pushes them one step closer to guessing your password and breaking into your site. Change the default username to something unique and never share it with anyone. Hackers almost always go for the default “admin” on the first try. In fact, many security plugins simply ban anyone who fails to log in using “admin” because of this. If you’ve got an “admin” user on your WordPress site, you should change your username immediately.
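One way to check a site against both this advice and the earlier point about limiting admin access, written as a small plugin. This is an added example, not code from the original post; the `wpsec_` prefix and the `WPSEC_MAX_ADMINS` threshold are hypothetical names chosen for illustration.

```php
<?php
/**
 * Plugin Name: Admin Account Audit (added example)
 *
 * Assumptions: the wpsec_ prefix and WPSEC_MAX_ADMINS are hypothetical
 * names chosen for this example, not WordPress settings.
 */

const WPSEC_MAX_ADMINS = 3; // Assumed limit; set it to your real admin head count.

/**
 * Collect findings about administrator accounts.
 *
 * @return string[] Human-readable findings, empty when nothing is flagged.
 */
function wpsec_audit_admin_accounts() {
    $findings = array();

    // username_exists() returns the user ID, or false when no such login exists.
    if ( username_exists( 'admin' ) ) {
        $findings[] = 'A user with the default login "admin" exists. Create a new administrator with a unique login, then delete "admin" and reassign its content.';
    }

    // Every account holding the administrator role has full control of the site.
    $admins = get_users( array(
        'role'   => 'administrator',
        'fields' => array( 'ID', 'user_login' ),
    ) );
    if ( count( $admins ) > WPSEC_MAX_ADMINS ) {
        $findings[] = sprintf(
            '%d accounts hold the administrator role: %s. Demote the ones that only write or edit to Author or Editor.',
            count( $admins ),
            implode( ', ', wp_list_pluck( $admins, 'user_login' ) )
        );
    }

    return $findings;
}

// Show the findings as a dashboard warning, to administrators only.
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    foreach ( wpsec_audit_admin_accounts() as $finding ) {
        printf( '<div class="notice notice-warning"><p>%s</p></div>', esc_html( $finding ) );
    }
} );
```

The profile screen does not let you edit an existing login name, which is why the first finding recommends creating a replacement account instead of renaming "admin".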
DON’T: Use the default favicon.
A favicon is the tiny icon that appears in the tab of your browser, next to the page title. It’s used for quickly identifying what website the tab has loaded. It’s important to upload a unique favicon – especially replacing default hosting favicons – so your visitors see that you’ve taken that extra step.
DON’T: Leave the default widgets on your site.
WordPress comes with a set of default widgets. These help you add basic elements such as videos, text, images and a lot more. Very few of these widgets are actually utilized. With all the unnecessary widgets, things get messier and it becomes difficult to find the one you actually want to use.
Get rid of these unnecessary widgets. You can unregister a widget that you don’t want to use. These unregistered widgets won’t appear in your widget lists again.
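Unregistering is done in code with WordPress's `unregister_widget()` on the `widgets_init` hook. The plugin below is an added example, not code from the original post; the list of widgets to drop is an assumption to adjust for your site, and it skips any widget that is still placed in a sidebar.

```php
<?php
/**
 * Plugin Name: Remove Unused Default Widgets (added example)
 */

add_action( 'widgets_init', function () {
    // Core widget class => its id_base. Trim this list (an assumption
    // made for the example) so it names only widgets you never use.
    $unused = array(
        'WP_Widget_Calendar'        => 'calendar',
        'WP_Widget_Links'           => 'links',
        'WP_Widget_Meta'            => 'meta',
        'WP_Widget_RSS'             => 'rss',
        'WP_Widget_Tag_Cloud'       => 'tag_cloud',
        'WP_Widget_Recent_Comments' => 'recent-comments',
        'WP_Widget_Media_Audio'     => 'media_audio',
        'WP_Widget_Media_Video'     => 'media_video',
    );

    foreach ( $unused as $widget_class => $id_base ) {
        // is_active_widget() returns the sidebar ID when a widget with this
        // id_base is placed somewhere; leave those registered so nothing
        // disappears from the live site.
        if ( is_active_widget( false, false, $id_base ) ) {
            continue;
        }
        // Removes the class from the widget factory, so it no longer
        // appears in the list of available widgets.
        unregister_widget( $widget_class );
    }
}, 11 ); // Priority 11: run after callbacks registered at the default priority.
```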
Did I Miss Anything?
Have you made a WordPress mistake that doesn’t appear on our list? Do you want to help other site owners avoid the same errors you’ve made? Comment below and I’ll add it to the list!
I created a simple infographic below. Just have a peek at it.