7 Easy Ways to Protect WordPress Sites from Hackers

WordPress dashboard on laptop
WordPress sites are highly targeted by hackers.

There used to be a time when hacking was seen as a difficult skill that only evil coders in dark, solitary rooms could pull off. However, we’re no longer in that cyber era. Nowadays anyone can be a hacker, and most hackers can easily access and attack vulnerable websites. In fact, these days hackers can break into target systems within 12 hours. So as much as you may try and avoid it, you’re more vulnerable to attacks – especially if using a widely used CMS like WordPress.

But fortunately, the great thing about using an accessible CMS like WordPress is that there are also some easy precautions you can take to keep your site away from hackers. Here are our top 7 tips:

1. Rename Your Login URL

Wordpress sites are by default accessed via “wp-login.php” or “wp-admin” on the site’s main URL. Because of this standard, hackers are able to use brute force to login and attack, possibly defacing your entire website. Try changing it to something unique that a hacker will find too much of hassle to crack, like “new_login” or “my-login-page”, with a plugin like Custom Login URL.

2. Change Your Password…Now!

To take it a step further, your admin password needs to be secure. Make sure it is a minimum of eight characters, both upper and lowercase. Additionally, you should use a mix of letters, numbers, and symbols. But don’t stop there – be sure to change your password every two to three months. And never, ever use the default username and password that you are given for your hosting account.

3. Install All Updates

Make sure you are installing any updates you get from WordPress. Although the amount of updates may seem cumbersome, these often contain security patches that can protect you. To make life easier, enable automatic updating for core updates by adding this line of code to your wp-config.php file:

define('WP_AUTO_UPDATE_CORE', true);

4. Delete What You Are Not Using, Keep What’s Important to You

If you have unused images or plugins in your account, delete them permanently. Not only do they slow down your site, but files that haven’t been deleted properly can be vulnerable to attack. For files that you know are important, your best defense is to back up your files on a regular basis. Delete old backups to save space. Additionally, be wary of free WordPress themes out there as hackers have been known to insert malicious code into free themes. Use one of the free designs by WordPress instead!

5. Limit the Powers You Give Contributors

While having guest writers on your site or blog can be a great way to amp up your readership and SEO, it can be dangerous to give them too much access. While they may be well-meaning, security should be kept to a select group of administrators. When you add users to your site, make sure you’re clear on what each user role means. Think about making temporary accounts, temporary passwords, or simply uploading them yourself manually.

6. Switch that HTTP to HTTPS (SSL)

Standing for Hypertext Transfer Protocol, HTTP sends over data packets through the web through a request-response protocol. HTTPS, however, adds on SSL (Secure Sockets Layer). SSL will encrypt your data so that your information has an extra layer of security in place. SSL can get pricey, but thankfully there are free options available, like Let’s Encrypt. Cloudbric also offers free SSL, with automatic renewal!

7. Only Choose Secure Hosting

And because we’re human and imperfect, use a secure hosting company to ensure a catchall in case you missed something. While there are free and paid hosting services, look into what security measures they offer. If they don’t utilize extra security measures, there are a variety of web based services designed to secure your site. Ours is free for up to 4GB and helps in preventing web attacks as well as mitigating DDoS, on top of providing free SSL. Remember, security doesn’t have to be expensive, but it does have to be comprehensive.

These are tips that anyone, with or without IT experience, can apply to their WordPress website. Although it may seem like a hassle, remember that every security step you take puts another hurdle between you and a potential cyber attack. Put these seven hurdles between you and a hacker today, and keep up with our blog to continue learning how to build up your security.