Many business owners engage a website designer to create their company’s website and more often than not, they are presented with a WordPress site. WordPress is one of the most popular open source platforms for websites, mainly because it’s so user-friendly, allowing business owners to quickly update their sites without the need to understand complicated code.
However, because WordPress is open source, some people believe that it can be more vulnerable to hacking than other platforms. The vulnerability of your website however, is heavily dependent on its level of security, so here are 10 steps that will help you to keep the hackers at bay.
- Prevent repeated logins: One of the ways that hackers gain entry into a website is by running an automated script that tries various logins until one works. You can ask your website designer to set up software that locks out anyone who fails to login correctly after multiple attempts.
- Set up multi factor authentication: In other words, users to answer a security question or enter a specific code to enter your website, as well as their username and password. You can even send a code to their smartphone, which they need to enter on the login page to receive full access. The more levels of authorisation, the more secure your website.
- Only allow email addresses for logging in: Since hackers try to guess usernames to access your website, it makes sense to require users to submit their email addresses instead of a username, as these are more difficult to predict. By default, WordPress allows either a username or password for login, but it’s possible to only allow emails.
- Change your login page address: Since the default login page for WordPress sites is ‘wp-admin’ or ‘wp-login.php’, it makes perfect sense to change this URL, preventing hackers even finding your login page. You will most probably need to ask your website designer to do this for you, but it’s definitely worth the trouble.
- Strengthen passwords: Always change your passwords on a regular basis and strengthen them by increasing their length, adding special characters, numbers, and so on. The longer and more complicated the passwords, the harder they are for hackers to crack. You may want to consider using a password manager service to ensure that your passwords are not only extremely secure, but you don’t have to remember them.
- Log out idle users: If users leave the administration pages of your site open and walk away from their desk, anyone can hop on and make changes to your site. This is a big security risk, which can be avoided if you automatically log out idle users.
- Secure admin page: Another layer of security is to password protect the wp-admin directory, as anyone who gains entry here can make significant changes to your website. This can be done a number of ways, including through specialised security software.
- Convert your website to SSL: SSL certificates not only encrypt the data sent to/from your website by visitors, but they also make it more difficult for hackers to gain entry to your admin area. You, your host, or your website designer can install an SSL certificate in your web hosting account, however there are a number of steps to go through to “convert” your site to use it (i.e. changing the address from HTTP to HTTPS) and ensure you retain your search engine rankings.
- Strengthen the admin user name: Never use ‘admin’ as your username to log into your website, nor any part of your domain name, as these are the first usernames that hackers will try to hack into. Always use an unrelated username, which will make it more difficult for hackers.
- Backup your website: If the worst happens and your website is hacked, you can have it up and running again in perfect working order if you have a recent backup. Better yet, engage a web developer or website support provider to maintain your website, including backups.
It’s best to ask your website designer to handle all of the above for you, but it will absolutely be worth the investment to properly secure your website for yourself and your customers.