When you create a website with WordPress, it is important that you protect it. This is how:
1. Train Users in Best Practices
What users really need to know are the basics of being secure online. This means:
- Use complex passwords that are hard to crack.
- Provide back-end access only to those who need it.
- Keep core software, plugins and themes up to date (if it’s their responsibility to do so).
- Don’t install plugins without weighing need against risk.
- Better yet, leave plugin decisions to professionals.
2. Choose Plugins Carefully and Stay Vigilant
Plugins can become outdated or abandoned when authors no longer have the time or interest to maintain them. We’ve also seen cases where plugins have been unwittingly sold to those with malicious intent.
To help combat these possibilities, it’s worthwhile to stay on top of things. That means knowing which plugins you’re using, staying informed on new versions and generally paying attention to WordPress-related news.
Finally, take some time to routinely audit the sites you maintain. One easy way to reduce risk is to simply delete any plugins that aren’t active or no longer needed. This in itself will help cut down on potential problems.
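One way to run the routine audit described above with WP-CLI, as an added example that is not part of the original article. It assumes WP-CLI is installed on the real site; the function names and the sample plugin list are constructed for illustration.

```shell
#!/bin/sh
# Added example: plugin audit over WP-CLI output (constructed sample data below).
# Live use (assumes WP-CLI is installed and run from the site root):
#   wp plugin list --fields=name,status,update,version --format=csv | audit_plugins

# Reads "name,status,update,version" CSV on stdin and prints one finding per line:
#   REMOVE <name>  plugin is installed but inactive, so it is a deletion candidate
#   UPDATE <name>  a newer version is available
audit_plugins() {
    awk -F',' '
        NR == 1 { next }                      # skip the CSV header
        NF < 4  { next }                      # ignore malformed rows
        $2 == "inactive"  { print "REMOVE " $1 " (inactive, version " $4 ")" }
        $3 == "available" { print "UPDATE " $1 " (installed version " $4 ")" }
    '
}

# Constructed sample: plugin names and versions are made up for illustration.
sample_plugins() {
    cat <<'EOF'
name,status,update,version
contact-form-example,active,available,2.1.0
old-slider-example,inactive,none,1.0.3
seo-example,active,none,4.8.1
gallery-example,inactive,available,0.9.2
EOF
}

# Counts findings of one kind (REMOVE or UPDATE) in the sample.
count_findings() {
    sample_plugins | audit_plugins | grep -c "^$1 " || true
}

# Run the audit on the sample so the script works stand-alone.
sample_plugins | audit_plugins
```

An inactive plugin that also has a pending update appears under both headings; deleting it settles both findings.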
3. Utilize SSL
It used to be that SSL was only for ecommerce sites or those that handled sensitive information. These days, it’s become the standard. Recently, both browsers and search engines have considered it important enough to warn users about sites that still run over HTTP. Use SSL and educate clients as to why it should no longer be considered optional.
4. Employ a Helping Hand
Security plugins such as Wordfence or iThemes Security are great options, as they look for suspicious code and behaviour.
For example, these types of plugins can limit failed login attempts, prevent malicious code from being executed and alert you when you have outdated software. Premium versions add goodies like country-blocking and two-factor authentication.
The value of these plugins is that they handle common threats by both bots and humans. They won’t make your site 100% bulletproof, but they offer an extra layer of protection. More important is that they can provide you with actionable information that can lead to a safer site.
5. Turn Off Unneeded Functionality
A fresh install of WordPress comes with a lot of built-in functionality. But there’s a good chance that you won’t be utilizing every single feature. Therefore, it makes no sense to leave the unused ones turned on.
Comments would have to be the biggest culprit here. Not all sites need to have them enabled and those that do should be using some heavy spam protection. If the site you’re building doesn’t need this feature, use the Discussion settings within WordPress to disable it.