You’re up early because you’re excited about finally cranking out that project on your website that you’ve been so excited about.
You’ve got your coffee brewed and the aroma is filling the room; you’re super excited and ready to go.
You sit down at your computer, ready to get to work and open up your browser and type in your website’s login URL.
When the page comes up you’re floored because there is something else on your site that you most definitely did NOT put there.
You feel like someone punched you in the gut and all the air has left the room.
Your site has been hacked.
It sucks. I hear from website owners and they’re desperate to get their site cleaned up.
If they’d only have taken some precautionary steps they wouldn’t be having this problem.
It’s more prevalent than you may think.
Nothing on the internet is 100% secure.
There are big data failures that happen all the time. Just watch the news.
In between the stories on the Kardashians and the weather there just might be a story about how, once again, a big company or organization was compromised.
it’s safe to say that if it can happen to the biggest companies around, then it can happen to us as website owners.
But there are some things you can do to get your site locked up tight. Doesn’t mean that you’re impenetrable, but it does mean that you’re not going down without a fight and you can do a lot to make sure you’ve got yourself covered.
Keeping your WordPress site safe and secure really is a big deal. Here are a few things that I do on my sites to make sure that I keep them locked up tight.
Make a Backup Plan
Make sure you have a plan for backing up your site. I mentioned Backup Buddy in the plugins section so make sure you’ve got that set up and regularly taking backups!
Secure Your Site
Install and configure a security plugin like Wordfence, or iThemes Security. These plugins are easy to set up and will wonders for helping you secure your site!
Use a Secure Password
Pick a secure password. Secure passwords aren’t usually easy to remember, so you can start using password manager like LastPass, Roboform or KeePass. Don’t ever put it in Notepad or any other unsecure document.
Make a local backup
Make a backup copy of your entire website and save it to something like Google Drive, Dropbox, or on your local computer.
Plugins like BackupBuddy or UpdfraftPlus can do this for you.
Always Backup for Running Updates
Make sure you have a backup each time before doing major version update of WordPress core, your theme or plugins.
Disallow Unauthorized Access
Keep those who are testing your security fences at bay by disallowing unauthorized access to your wp-config.php file. Add the following code to your .htaccess file:
Do Not use “Admin” as your username
In addition to making sure you’ve got a secure password, make sure that you don’t use “admin” as your username. It’s probably the most commonly attempted username to be tried by hackers. Come up with something more unique.
Setup an anti-spam solution
Comment spam is a huge problem for WordPress site owners. Using an anti-spam tool like Akismet, or reCAPTCHA can go a long way in helping keep your site clean.
Keep your login page safe
Good usernames and passwords are a good start to protecting your login page, but I like to use a tool called Login Lockdown that will limit login attempts and provide a variety of other options to keep hackers out of your site.
Configure your domain to use CloudFlare
In addition to being a fantastic CDN (content delivery network) tool, CloudFlare adds a nice layer of security to your site.
Add additional protection to your login page
For those wanting an even greater level of security you can restrict access to your login page altogether.
Use an SSL certificate to secure your WordPress site
Browsers now alert users to unsecured sites that contain forms so make sure you’ve got an SSL certificate in place.