Harden your site security

No one wants their site to be hacked. However, hundreds of sites are taken down every day, and millions more are at risk of damage, just because of bad security practices.

(If you’ve been hacked, check out our Security Optimisation and Malware Removal package.)

To get the best security on your WordPress site, it’s always recommended that most improvements should be implemented at a server level, not the WordPress level. That’s why the most popular security tip is always “get a great host”.

Our clients know this first hand. After all, our Managed WordPress Hosting service is not the cheapest out there, but they understand that it’s a great investment. They may have signed up for the speed improvements we offer, but they stay with us because they don’t have to worry about their site going down. They can sleep like babies, safe in the knowledge that their site is in good hands.

What can I do to improve security on my WordPress site?

Having said that, there is always something else you can do as a user to make your WordPress site even harder to hack. Here is our official list of seven easy steps:

0. Update everything every day

Like any price of software, WordPress and its themes and plugins receive constant security updates. Keeping these applied are so important that we made it ground zero for this list.

If your site is out of date, stop reading this article, back up your site, and run those updates.

WordPress makes it easy to see and apply all updates through the update icon in the admin bar and the updates menu in the Dashboard. If it’s all too stressful, our Managed WordPress Hosting updates for you every day.

1. Set up two user accounts

Create one account with high permissions (Administrator) for safe environments like home, and one with low permissions for use “on the road” (Author). That way, if your Author user account gets hacked, the damage won’t be that great.

#protip: Never use the username admin or administrator.


2. Use a different password for every account

This goes beyond WordPress. For instance, never use the same password you used for Facebook on your Gmail account. If one gets hacked, then they’ll all get hacked. Too difficult to remember, you say? That brings us to the next tip:

3. Use a Password Manager

Choose a password manager that will integrate seamlessly with your laptop and your cellphone. 1Password is great, but there are plenty to choose from — choose one, get it set up now, and make sure your master password is at least 12 characters long.


4. Avoid unreliable connections.

Dodgy connections like the free wifi at the mall pose a security risk, especially if the connection is not password protected.

But if you absolutely need to use that free wifi, always be sure to connect using a https protocol (instead of the insecure http). And if you don’t have a SSL certificate on your site, please contact us so we can buy you one: it will even help with SEO.


5. Invest in a VPN

Think of a Virtual Private Network as an iron tunnel which protects and encrypts all of your data. It has its cost (in money and slight delay in connection), but it is well worth it, especially if you often connect “on the go”.


6. Use two-factor authentication when available

You can install a free plugin in WordPress that will enable two-factor authentication for you (or if you’re one of our clients, just drop us a ticket and we’ll do it for you).


7. Back up, back up, back up!

All of the sites we manage have 14 days of backups included on Amazon S3 infrastructure, but you can never have too many backups. If you’d like to add a third-party backup, we highly recommend VaultPress by Automattic — it’s secure and performance friendly.

black-18320Remember that security on the web is more of a journey than a goal.

If you’d like more tips like this, be sure to register for our newsletter and follow us on Facebook and Twitter.

We’d love to hear from you!

Contact form

  • This field is for validation purposes and should be left unchanged.