For several years, WordPress has been used to design millions of websites. A multitude of them collect, even store, private and personal information in secure ways. This is often the payment data of e-commerce customers. You must therefore secure your Wordpress site at all costs.
WordPress is a name recognized by many users, so we tend to think that this CMS is necessarily invulnerable to piracy.
In reality, this is quite frequently contradicted, but rest assured all this is normal.
In reality, software always has flaws, WordPress is no exception. Usually when a WP site is hacked, it is not the fault of the WordPress CMS ... but of the webmaster managing the site. Indeed, customers rarely follow the recommendations to secure their wordpress site.
Since the start of 2021, specialists have been expecting more penetrations on WP sites, as quite a few people have not updated to WP 5.0 since December 2018.
In addition, as an agency of wordpress site creation in Switzerland, it is common during the first contact with companies, it is not because you are a small French-speaking, French or Belgian SME that you will necessarily be spared!
Indeed, for this kind of hacking, hackers aim wide and automate attacks with robots, called Bots. So a good question would be: What should I do to prevent my website and how to secure a wordpress site ?
Our four WordPress security tips will protect your site in 2021
1. PROTECT YOUR ADMINISTRATOR PAGE
Your admin page is the first step in protecting yourself against cyber attacks. So you better make it inaccessible. Here are 4 essential things to avoid unpleasant surprises:
- People with a WP site know where to access the admin page. It's very simple, just type /wp-login.php or / wp-admin. Any hacking bot will add this link to the end of your url and you will be vulnerable. So to start protecting your WordPress site, it is necessary to modify the link of your admin page. There are plugins available to secure your wordpress site.
- We also invite you to use a website locking system, this is called an "anti-brute force" which will block your site after several attempts at false user / password combinations. This protects against forced attacks. The moment you repeatedly attempt to access your WP with an incorrect password, the admin page crashes and you will receive an email or sms telling you that an IP address is trying to access it without authorization. There are several specific plugins that you can test to secure your wordpress site.
- On the admin page, two-factor authentication is another additional security measure. As the manager of the WP site, you have to decide which settings to use. It can be a normal password with secret code, characters or even use a system that sends the famous secret code to your phone. This last option will ensure that only the person with the phone, normally you, can access the site.
- You should update your passwords regularly. Use a mix of upper and lower case letters, numbers and special characters. In brute force a long enough password (10) will be almost impossible to hack.
2. USE SECURE HOSTING FOR WORDPRESS
To secure a site under wordpress requires more than blocking the latter. A WP site should be protected at the web server level. This is one of the responsibilities of your host. It is essential to do your research and find a host in whom you can have complete confidence and have been present for many years, such as infomaniak or siteground.
Beforehand, your server should have a firewall at the server level, as well as systems to detect intrusions. This will protect your website, even during the installation of WordPress and during the development of your site. Another effective solution is cloudflare in free version which acts directly on traffic.
By using cloud hosting, the host should be able to ensure that the software installed on their servers protects your WordPress site while being compatible with the latest WordPress updates.
3. USE WP WITH THE LATEST UPDATES
When we want a WP site to be properly secure, it must be maintained and therefore updated versions of wordpress.
Just like changing your motor oil or mowing your lawn, you need to maintain your WordPress site. From the WordPress core base, through your plugins and your themes all should be subject to regular updates.
A report from the firm WP White Security revealed that
“Nearly 50% of WP's flaws come from plugins or themes that are not updated or fixed. Vulnerabilities are spreading quickly in the opensource world and people who seek to exploit these vulnerabilities know where to start ”.source: https://www.wpwhitesecurity.com/statistics-highlight-main-source-wordpress-vulnerabilities/
According to Malcare Security, this number would be much higher, around 80%. Reason why WordPress needs to be updated very often. Each new version fixes bugs and security vulnerabilities. WordPress identifies its vulnerabilities and during each update, they lie in place protective measures against them. Without updates, your site will be fragile in the face of attacks.
Also, whether or not you like the latest WordPress finds (yes you, dear Gutenberg editors), updating is no longer optional, but necessary to secure your Wordpress site.
4.DO NOT HOST SEVERAL WP SITES ON THE SAME SERVER
Imagine that you have 4 sites hosted on your server account. 3 of these websites have a lot of visitors so they get updates regularly, but don't forget to update the latest one to keep wordpress secure.
A hacker bot can find outdated sites and access the backend of your hosting server. Afterwards, he will be able to download a script allowing him to take control of your hosting and hack the data of the files there.
Don't worry too much about having shared hosting, it should be noted that good web hosts have very small server pools. It is believed then that there are few sites hosted on each server.
So when one of them is attacked, the hacking will only hit a small number of websites… This further reduces the risk of your WP site being part of the lot.
And to finish…
Some other tips you can apply in 2019, to secure WordPress:
- Use quality WP themes, that is, updated by their creators. Do your checks before choosing a free WordPress theme.
- We should not take administrator as username. Unfortunately, a lot of WordPress webmasters use admin as their username. So it is easy to decipher the ID on their website under WordPress.
- Disable editing and editing of files via the WordPress dashboard.
Content strategist, he sends a coherent brand message to the public. His multiple angles of approach allow him to integrate his skills in marketing, in order to identify the needs of the customers and to propose the best products and services.