When you first setup your WordPress website, security may be the furthest thing from your mind. Many beginners assume that the installation, whether you install WordPress manually or from your hosting cPanel system, is secure. Bad assumption.
It may seem like no one would want to get into your website, but you should never take this for ‘granted’. Even with a new site, it does not take ‘bots’ to find your site and start attempting to login, or post spam comments.
This post discusses the most common ways ‘bots’ and hackers will try to access your WordPress site, and then lists some of the best methods to stop them.
Most common WordPress security issues
- Login attempts
Many bots are setup to try to gain access to your site through the ‘wp-admin’ login panel.
- Spam Comments
Your site will get spam comments. The more popular your site gets, the more spam comments. Some spam comments look good, but you can normally tell spam comments from the quirky email address used, and the poor English in the comment. If it does not look legit, delete the comment.
- Old Versions of WordPress
WordPress code is open source, so any one has access to it. Hackers are always looking for ways to exploit that code to access websites with older versions of WordPress.
One of the great things about WordPress is the huge variety of plugins. For the most part, WordPress plugins are secure. Every now and then, some have code that hackers can exploit. A great example of this is the recent issue with the “timthumb” plugin. When an issue does occur, word spreads fast, and there is normally a quick update to resolve the issue.
Quick and easy methods to keep your WordPress website secure
- Keep the WordPress version on your website up to date.
In a previous post, Manual vs. Automatic Installation, I talked about the pros and cons of installing WordPress using your host cPanel or installing it yourself manually. The big advantage of installing WordPress manually is having the ability to update WordPress as soon as they are available. Often, when you are relying on cPanel for installing and updates, the hosting company will not allow an update until they evaluate it, which can be a long, unnecessary delay.
- Keep your plugins up to date.
- Delete unused plugins.
- Routinely backup your WordPress site.
This should be obvious. If something does happen to your website, it will be much easier to restore. I will post on how to backup your WordPress website soon.
- Use some form of “Captcha” plugin to help prevent spam.
WordPress comes with Askimet preinstalled. There are many other good captcha plugins available. User rating and feedback can help you decide. Personally, I have found the “Captcha Free” plugin works well.
- Use the “Limit Login Attempts” plugin.
This is a great plugin for stopping ‘brute-force’ login attacks of your website. If there are too many unsuccessful login attempts, then that IP address will be blocked from attempting to login.
This is a beginners guide, so there is much more to learn. I have included 2 links below to excellent articles on WordPress site security that gives more detailed information and options.
If you have a favorite security plugin, please leave a comment and let us know.
Thanks for reading