Tips for securing your WordPress website in 2019


Date: 24 June 2019


WordPress is a widely used Content Management System (CMS). But research suggests it attracts more hackers every year, with around 90,000 attacks attempted on WordPress sites every minute. This should put anyone with a WordPress site on high alert.

Every week, Google blacklists around 50,000 websites for phishing and around 20,000 websites as a result of detecting malware. If you own a website, the last thing you want is for your website to be blacklisted. Why? Because blacklisted websites lose 95% of their traffic.

Although the latest version of WordPress is much more secure than earlier versions, there are still a few security steps you should take to protect your WordPress site against hackers.

Key points to consider when securing a WordPress site

Owning a WordPress account brings with it the responsibility of securing the site from unwanted intruders. Here are our top tips for securing your WordPress account:

Choose secure web hosting

Web hosting is a service that allows your website to be posted on the internet. Your WordPress site should be optimized for performance and security, and this includes ensuring that your site is hosted securely.

You need to make sure that your chosen web host supports PHP 7 - the recommended PHP version for WordPress. If you opt for managed WordPress hosting, all the essential technical aspects - including security, backups, hosting, performance etc. - are taken care of for you. However, you should carry out detailed research to choose the right managed WordPress host for your site.

Install a firewall

Enabling a web application firewall (WAF) can block malicious traffic before it reaches your website. A firewall can help you monitor, filter or block HTTP traffic to and from your site. Your firewall can be host-based, cloud-based or network-based. One of the most recommended firewall applications is Sucuri. It protects your website and comes with a blacklist removal guarantee and malware cleanup that could save you significant amounts.

Use the latest version of PHP

PHP (Hypertext Preprocessor) is the backbone of your WordPress site. This means it is extremely important to use the latest version. Each version of PHP is fully supported for two years from its release date. During that time, all bugs and security issues are fixed. At present, anyone using PHP 7.0 or lower is unsecured and vulnerable to attacks.

Keep your WordPress site updated

One of the most important factors for ensuring WordPress security is keeping your site up to date. Using the latest versions of WordPress, themes and plugins enhances the security of your site and helps keep it safe from hackers. However, you need to make sure that you install plugins from a trusted source - ideally the plugin developer. You can scan your theme or plugin files for malware using an online tool such as VirusTotal.

Add an SSL Certificate to your website

An SSL (Secure Sockets Layer) Certificate is used to establish a secure link between the user’s web browser and your website. This is done by digitally binding a cryptographic key and activating the HTTPS protocol on the website.

SSL certificates use SSL encryption to safeguard private data from hackers. For this reason, they are commonly used by ecommerce websites to secure sensitive information such as credit card details, usernames and passwords. You can buy a cheap SSL from SSL2BUY.

Use complex usernames and passwords

Setting complex usernames and passwords is one of the best ways to secure your WordPress site. Using predictable passwords and usernames makes it easy for hackers to compromise your site and data. The stronger your password, the lower the chances of hackers intruding on your site.

You must also make sure you change the default username from Admin. Earlier versions of WordPress made it easy for hackers by using Admin as the default username. More recent versions allow you to change this username. WordPress displays the strength of your password as you enter it and always recommends that you use a strong password.
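The checks from the PHP version, update and default-username tips above can be run as one audit. This is an added example, not part of the original article: the sample data is constructed in the shape WP-CLI prints for `wp plugin list --format=json` and `wp user list --format=json`, and the function names are illustrative.

```python
import json

# Constructed sample data (not from a real site), shaped like WP-CLI JSON output.
SAMPLE_PLUGINS = json.dumps([
    {"name": "contact-form", "status": "active", "update": "available", "version": "5.0.1"},
    {"name": "seo-helper", "status": "active", "update": "none", "version": "2.3.0"},
    {"name": "old-gallery", "status": "inactive", "update": "available", "version": "1.1"},
])
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "admin", "roles": "administrator"},
    {"ID": 2, "user_login": "k.morgan", "roles": "editor"},
])

# The article treats PHP 7.0 and lower as unsecured.
LAST_UNSUPPORTED_PHP = (7, 0)


def php_is_unsupported(version):
    """True when a version string such as '7.0.33' is 7.0 or lower."""
    major, minor = (int(part) for part in version.split(".")[:2])
    return (major, minor) <= LAST_UNSUPPORTED_PHP


def audit(plugins_json, users_json, php_version):
    """Return (check, detail) findings for the tips in this article."""
    findings = []
    if php_is_unsupported(php_version):
        findings.append(("php", f"PHP {php_version} is 7.0 or lower"))
    for plugin in json.loads(plugins_json):
        # Inactive plugins still sit on disk, so they are reported too.
        if plugin.get("update") == "available":
            findings.append(("update", f"{plugin['name']} {plugin['version']} "
                                       f"({plugin['status']}) has an update pending"))
    for user in json.loads(users_json):
        roles = str(user.get("roles", "")).split(",")
        if user["user_login"].lower() == "admin" and "administrator" in roles:
            findings.append(("username", f"user ID {user['ID']} still logs in as 'admin'"))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_PLUGINS, SAMPLE_USERS, "7.0.33"):
        print(f"[{check}] {detail}")
```

On a live site, pass in the real WP-CLI output and the server's PHP version in place of the samples.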

Use two-factor authentication on your website

When you install two-factor authentication on your WordPress site, your site is protected with an additional layer of security. There are various authentication methods to choose from, including QR code, OTP via email, OTP via SMS, email verification, push notification and Google Authenticator. This additional step can ensure no one else can access your WordPress account. However, you need to make sure that your email ID, passwords and phone are secured and that no third party has access to them.
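Authenticator apps such as Google Authenticator generate time-based one-time passwords (TOTP, RFC 6238) from a secret shared with the site, which is why the phone holding that secret has to stay secured. The server-side check, as an added example that is not part of the original article: the secret is the RFC 6238 test key and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds each code is valid, the authenticator-app default

# Test key from RFC 6238, base32-encoded the way a QR code would carry it.
TEST_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, at_time, digits=6):
    """Code for the 30-second window containing at_time (HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(at_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, used_counters, at_time=None, drift_steps=1):
    """Accept a code from the current window or one step either side.

    used_counters is the per-user set of windows already accepted, so a
    code that was observed once cannot be replayed.
    """
    now = time.time() if at_time is None else at_time
    for delta in range(-drift_steps, drift_steps + 1):
        counter = int(now) // STEP + delta
        if counter < 0 or counter in used_counters:
            continue
        expected = totp(secret_b32, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            used_counters.add(counter)
            return True
    return False


if __name__ == "__main__":
    seen = set()
    code = totp(TEST_SECRET, time.time())
    print(code, verify(TEST_SECRET, code, seen), verify(TEST_SECRET, code, seen))
```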

Keep regular backups of your site

It is always wise to be prepared for a rainy day. Even if you follow all the WordPress security measures, it is advisable to keep a regular backup of your WordPress content. This means you won't lose your data if your site unexpectedly crashes. It also means you can start afresh from the point the site went down rather than starting again from scratch.

Copyright 2019. Featured post made possible by Ben Hardy
