Securing and Protecting Your WordPress Site

No one wants to be responsible for ruining everyone else's good time. No one wants to be taken advantage of, either. By taking extra care to secure and protect you can make sure neither happens to you.

If you don't secure your WordPress® (or any other CMS) site, you're opening yourself to being hacked. It's easy to think, "My site's so small, no one could even find it to hack it in the first place." Unfortunately, that's entirely untrue. We see both small and large sites suffer security breaches all the time — most of which are preventable.

Once hackers compromise your site, they'll squat on it for a while, inserting malicious code without you ever noticing. Then, when the timing's right, they use your site to start launching Distributed Denial of Service attacks against other sites! These attacks will either slow down the target sites or bring them down all together.

If you're on board (and we hope you are), there are a few simple things you can do to secure and protect your WordPress or other CMS site::

  • Update, update, update — Keep all of your software (for example, WordPress and its plugins) up-to-date. Log in at least once a month and patch any software that needs it.
  • Look for strange activity — If you see plugins you didn't install or users you didn't create, remove them immediately. They're likely part of your account's security breach.
  • Secure your site with plugins — You can stop a lot of attacks on your site with simple plugins like Limit Login Attempts.
  • Use secure, unique passwords — You don't need to give away the keys to the kingdom if one of your passwords gets compromised. Using a different, strong password for each of your sites gives you another layer of security.
  • Don't log in on public Wi-Fi — While the free Wi-Fi at Starbucks is great, it's also easy for hackers connected to it to compromise your passwords.
  • Talk to your partners — A chain is only as strong as its weakest link. Even if you follow all of the steps we've mentioned here and one of your partners doesn't, your site is still highly susceptible to security breaches.