With millions of people using WordPress according to WordPress only about 42% of these installs are at the latest release. This makes you wonder how serious do people take their website security. These stats are for just the core of WordPress and does not include the millions of plugins and themes. When we leave the house the first thing we check is to make sure the door is locked. When we buy a car we make sure it comes with a good alarm or we get one installed. If we take these precautions in life why do we overlook our website?
In the past websites might have not been used as much or to some not taken the seriously but in the recent years more and more of our lives are depending on them. Whether you use the internet for social media, purchases or as simple as communication we expect that the online services that we use be safe and well protected meanwhile we over look the sites that we have. In today’s day an age we find ourselves posting more and more of our lives on the internet even if we know it or now.
If we look at the picture above like we see in the movies they have retina scanners that would identify a person. Well we are not at that stage for websites but there are certain things that we can do that most people overlook.
- Most importantly we need to make sure that the core of WordPress is at the latest. These updates do more then just roll out new feature. They are also bug fixes and security patches. The same way you would run windows updates you should make sure to keep up with the WordPress Updates.
- After you have the latest version of WordPress you need to ensure that you update your plugins and themes. As these are usually developed by third party companies and small recreational developers these plugins can potentially open up security flaws on your website. When installing plugins and themes it is wise to get these from reputable vendors.
- Ensure that you use strong passwords for your admin accounts and possibly user accounts.
- From time to time review your “Users” section in the dashboard and look for suspicious user accounts. Any account that you think might be fake look further into it and if not being used remove it.
- There are times when a vendor might discontinue support on a theme or plugin. If this is the case and you find yourself in this situation start looking into replacement plugins and themes.
- Any plugins that you have on your site that are not being used it is just not enough to disable then you should remove them completely.
- To discourage bots from trying to create accounts on your website you should consider installing CAPTCHA on your website to reduce the amount of fake accounts being created.
- For your admin accounts make sure you do not use the common admin accounts like “admin”, “administrator”, “super” and so on. You should create an admin account that is not obvious,
- This one is a little more advanced for a beginner but the files that make up your site are composed of both files and folders. Ensure that they have the right file and folder permissions. This will help to protect you from unwanted browsing of content on your hosting account.
- There are services out there where you can scan your site to see if it has been infected by viruses. If your site has been affected see about getting it clean. If your site is infected and you are going to your own site depending on the virus you might be even infecting your own computers at home.
There are a lot of other things that you can do but these are just some on the basics that we covered. We will cover some other options in a later article. One thing that we would like you to see is that you either spent a lot of time developing your site so you have some serious time put into it or you paid someone to develop it for you. Which ever route you took why just throw it all away? By protecting your site you are also helping to protect other sites and even pc’s by helping to prevent the spread of access and viruses.