WordPress Security Solutions – How Secure Is Your WP Site?
Last updated on 24/03/2020 at 23:46
In the past, I did a presentation for the East Dorset Business Network on WordPress Security Solutions and as part of my preparation work I created a PowerPoint slide and from that a YouTube video, x2 ebooks and a WordPress security checklist. This is an example of how you can turn a single product into multiple digital products.
In the presentation I cover ten practical solutions that you can implement to help towards protecting your WordPress site and how to go about cleaning up your site should you be unfortunate enough to get hacked.
Ten WordPress Security Solutions Include:
- Backup – Take regular backups
- Update Everything – WP Core, all themes and plugins
- Clean House – Remove anything you don’t need
- Manage User Profiles
- Change Passwords – Make sure is strong, using a mixture of upper and lower case letters and numbers with special characters
- Swap FTP for SFTP
- Hosting Solution – Does your hosting company offer:
- Firewall protection
- SFTP support
- 24/7 support
- Jail hosted sites to prevent website contamination
- Daily backups including offsite backups
- Ability to disable PHP error messages
- Security Plugin Solutions – I recommend the following:
- All in One WP Security & Firewall
- Better WP Security
- BulletProof Security
- WordFence Security
- Subscribe to a website security scanning cleanup service:
- Sucuri – from $18 per month
- VaultPress – from $9 per month
- StopTheHacker – from $8 per month
- All in One WP & Firewall plugin service – from $5 per month
- Ensure Your Computer is Secure
This is just a broad overview of what is covered in the presentation. When you download a copy you will get the following:
An ebook version of a PowerPoint presentation with notes on how to secure your WordPress site and a WordPress Security checklist for those who want to do it themselves. Comprises of a zipped folder with x3 pdf documents, one with slides and the other with slides and notes and a WordPress security checklist. There is also a 30 min long YouTube video presentation that you can watch.
Further Security Measures
As an update to the previously mentioned security measures, you should also change the author link as this displays the username. By hovering over the authors’ name you will see the username displayed within the URL towards the bottom of the screen. The username is also displayed within the URL when you click on the author name.
You can change this by logging into your phpMyAdmin and clicking on the + next to the database name to reveal the database tree (structure). Once open click on _users at the bottom to show all the users of your site then select one and click on edit. Within this screen look for user_nicename and change this to the author/contributor name so is different from the username. Also, be sure to join names with a _ or – as there can be no spaces. Then select go at the bottom right of the screen to save your changes.
The above change will result in the author URL appearing as below. Depicting the author name and not the username.
By doing this we make it that much harder for would-be hackers to obtain your login credentials. You can’t prevent someone who is determined enough from hacking your site but you can make it more difficult for them.
If you use WordPress you might also be interested in this infographic on “50 Amazing Facts You Probably Don’t Know About WordPress” by the creators of Website Builder, whose vision it is to become the ultimate best source of information for absolutely any website builder related query.
The infographic also provides some interesting security facts such as 52% of WordPress vulnerabilities relate to plugins and 18 million WordPress users were compromised during the worst WordPress security breach.
The content of this article was updated on 21/05/2018