2016 was a relatively good year for WordPress security. There were no significant security breaches that affected the vast majority of WordPress users, and those security breaches that did occur were contained fairly easily. But WordPress users must not rest on past results. Because WordPress is the most used content management system on the Web, hackers constantly target it. Users need to stay diligent to protect their sites from hacking.
As a public service to our readers, we have listed below five WordPress security tips that you can employ very easily. Though the tips may sound surprisingly easy, the reality is that most hacking attempts succeed because site owners don’t do these very things. Sometimes the most secure solution is the simplest solution of all.
1. Change Your Username and Password
We are continually surprised to hear stories of people using ‘admin’ as both the administrative username and password. In case you don’t know, ‘admin’ is the default for WordPress designed to get new users in the door so they can set up their environments to their own liking. Under no circumstances should you continue using the default username and password.
Use passwords and usernames that are at least eight characters and include letters, numbers, and symbols. If you have trouble remembering such complicated phrases, write them down and store them in a location away from where your computer is located. Do not store them on your smartphone.
2. Conduct Regular Backups
The best way to mitigate the damage of a successful hacking attempt is to do regular site backups. There are a number of plugins that create backups automatically and then store them off-site. As an alternative, you can run a manual backup right from the Softaculous section of cPanel.
3. Keep All Updates Current
Software developers update their products whenever security vulnerabilities are found. Therefore, both the WordPress environment and any plugins and themes you use should be kept up-to-date as well. Not running updates as they become available is asking for trouble.
4. Monitor Users and Commenters
If you allow site registration and/or commenting, do your due diligence and monitor your users and commenters. It’s very common for hackers and spammers to register as users on as many sites as they can in order to gain access. Once they are able to log in, they can begin looking for weaknesses.
5. Implement Dual Authentication
If your WordPress site doesn’t currently utilize dual authentication for logging on, you should change that right away. You can do so by modifying the .htaccess file in your root directory or installing a dual authentication plugin. The plugin is probably a better bet in that the other method doesn’t always work well with some browsers.
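As an added illustration (not from the original article), the .htaccess method is commonly implemented as HTTP Basic authentication in front of wp-login.php, so a visitor must pass a server-level password prompt before reaching the WordPress login form. The password file path and the names below are placeholders, and the snippet assumes Apache 2.4 with authentication overrides allowed in .htaccess.

```apache
# Added example: second password prompt in front of the WordPress login page.
# Assumes Apache 2.4 and "AllowOverride AuthConfig" for this directory.
#
# Create the password file once, outside the web root, from a shell:
#   htpasswd -c /home/EXAMPLE_USER/.htpasswd-wp EXAMPLE_LOGIN
# (both names are placeholders; -c creates the file, omit it when adding users)

<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted login"
    AuthUserFile /home/EXAMPLE_USER/.htpasswd-wp
    Require valid-user
</Files>

# Keep .htaccess and .htpasswd files from being served if one ends up in the web root.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

Basic authentication sends the credentials only base64-encoded, so use this on a site served over HTTPS, and pick a server-level password different from the WordPress one.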
WordPress security is an ongoing issue that requires active participation from site owners. As a WordPress user yourself, be thankful that 2016 was a good year for security. But also be proactive in making sure 2017 is just as good a year.