In this article, I’ll go into some key points about WordPress Security and provide tips to keep your site safe and secure.
WordPress security problems can totally suck!
If you’ve ever been hacked or seen your site go bye bye or got the dreaded virus-infected-website message from Google that your website isn’t safe to visit, your heart might have sunk.
That feeling that your site isn’t working and your professional image is being ruined is incredibly annoying.
And you might feel helpless if you’re not super techie and don’t have anyone on board to help out.
I’ve seen a past client’s site (they did neglect updates) get hacked and then littered with ads for performance aides and toys.
If you’re taking client payment info, it’s even more frightening to think credit cards are at risk.
We don’t want any of that.
Instead, we want our sites to be bullet-proof, protected and safe and secure for both us and our visitors.
We want our sites to be running all the time, presenting us in the best light, and helping us grow our businesses.
Is WordPress bad because it’s a favorite target among hackers?
You may be worried by the stories you hear about WordPress websites getting hacked. That it happens a lot. That it happens too much.
Understandably so, this may deter you from using WordPress.
But you’d be making a not-so-great decision because any highly-used software (or technology) is a target for hackers for this very reason – it’s popular.
Its popularity gives hackers a big pool of websites to target.
With WordPress users, you get various levels of users taking various levels of safety measures.
Something like this:
- 33% don’t take care of their websites, are negligently reckless in their use of WordPress.
- 33% are expert users, coders, programmers whose sites are super safe.
- 33% fall somewhere in between.
And it’s the easy prey, the first 33% of websites, that hackers and viruses attack because they are the easy-to-reach, low-hanging fruit.
It’s just like pickpockets who target crowded touristy places.
- There are easy prey like older people, with dangling purses, wandering alone down shady streets who would be easier to rob.
- There are the alert, younger, faster males perhaps in a group who keep their valuables tucked away who would be bad targets.
- There are the rest who fall somewhere in between.
How do I know? I uhhh, errr, think I heard about this in some article somewhere ;P
The thieves will go for the easiest, least risky, most profitable option.
And again, the same holds for hackers, viruses, malicious software, etc … they aim for the weak and susceptible websites and as many as they can reach.
Here are 5 tips to boost WordPress Security for your coaching website
For coaches, especially newer ones, maybe doing your own websites, or having one web designer or VA on hand, there are some very basic, simple, easy WordPress security steps to take that will give you the most bang for your buck.
They are must-dos for a safe, secure WordPress website. And they are …
1. Only use the best plugins, themes and software.
By best, I mean most trusted, widely used, recently updated and highest rated.
Below is a screenshot from the plugins directory at WordPress.org – where you go to find and get new plugins.
And as you can see, I did a search for the Contact Form 7 plugin, an oldie but goodie that I’ve used for website forms.
Here’s a zoom in of it …
… and here’s why it’s a safe and secure plug-in:
- There are lots of active installs, 1+ million. That’s a good sign. Often 10,000+ installs is enough for me.
- The rating is 4.5 stars. That’s solid too. You want 4 or up.
- It was updated 21 hours ago. If a plugin is years old, avoid it, as it is a huge risk.
- It’s compatible up to 4.7, which means it’s meant to work with the latest version of WordPress. Good.
You can see the latest version of WordPress simply by logging into your site, by the way, and looking at the At a Glance panel shown here …
One other key thing that makes me feel safe when seeking new plugins is if a guru I know and trust has recommended it.
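The checklist above can be turned into a repeatable check. This is an added example, not code from WordPress or any plugin; the field names (`active_installs`, a 0-100 `rating`, `last_updated`, `tested`) are modelled on WordPress.org plugin directory metadata and should be treated as assumptions, as should the two-year cutoff for "years old" and the constructed sample records.

```python
from datetime import datetime, timedelta

MIN_INSTALLS = 10_000            # "10,000+ installs is enough for me"
MIN_STARS = 4.0                  # "You want 4 or up"
MAX_AGE = timedelta(days=730)    # assumption: "years old" means two years or more


def _version(v):
    """'4.7.1' -> (4, 7, 1) so versions compare numerically, not as text."""
    return tuple(int(p) for p in v.split(".") if p.isdigit())


def vet_plugin(info, wp_version, today):
    """Return the reasons to distrust a plugin; an empty list means it passes."""
    problems = []
    if info.get("active_installs", 0) < MIN_INSTALLS:
        problems.append("few active installs")
    stars = info.get("rating", 0) / 20          # 0-100 percentage -> 0-5 stars
    if stars < MIN_STARS:
        problems.append(f"rating {stars:.1f} stars")
    updated = datetime.strptime(info["last_updated"][:10], "%Y-%m-%d")
    if today - updated > MAX_AGE:
        problems.append("not updated in years")
    # Compare major.minor only: "compatible up to 4.7" covers 4.7.x releases.
    if _version(info.get("tested", "0"))[:2] < _version(wp_version)[:2]:
        problems.append("not tested with current WordPress")
    return problems


# Constructed sample records, not real directory data.
SAMPLES = {
    "well-kept-form-plugin": {"active_installs": 1_000_000, "rating": 90,
                              "last_updated": "2017-01-10 9:30am GMT", "tested": "4.7"},
    "abandoned-slider": {"active_installs": 800, "rating": 64,
                         "last_updated": "2013-05-02 1:12pm GMT", "tested": "3.5.2"},
}

if __name__ == "__main__":
    for slug, info in SAMPLES.items():
        issues = vet_plugin(info, wp_version="4.7.1", today=datetime(2017, 1, 11))
        print(slug, "OK" if not issues else issues)
```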
2. Change the “admin” default login name to something complex.
I’ve logged onto other people’s wifi routers by using the default settings and guessing passwords.
It’s a little surprising as to how easy it can be.
And a hacker has even more power to guess your username and password because they can set up a program to keep trying all day long.
In WordPress, many times the initial setup will set the word “admin” as the default username.
This is bad because a hacker now only needs to guess your password before they get in.
You should make your username something complex and here’s how to change your WordPress username.
3. Make sure your password is complex with wacky characters and varied cases.
If your password is your pet’s name or your first name or something easy to guess, change it immediately to something wacky like this => 87HES37@s!00It7$%
Here’s what I’d include.
- Make it long, 12 or more characters
- Use both upper and lower case letters
- Forget about being able to remember this password
- Use numbers and symbols like these *#@$%!_=
- Mix it all up so it looks nice and random and messy 😉
Don’t be afraid to make it insane looking because you’ll never have to memorize it and your browser will let you store your password if you choose.
But yes, please do write it down somewhere or keep it safe in some sort of password keeper.
Also, if you do forget your password, you can request to reset it by email, in which case you can easily replace it.
So yes, you have my permission to make it funky looking.
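Since the password never has to be memorized, it can be generated rather than invented. This is an added example, not part of the original article: it uses Python's `secrets` module (a cryptographically secure random source) to build a password that meets the checklist above, and the function names are hypothetical.

```python
import secrets
import string

SYMBOLS = "*#@$%!_="  # the symbols suggested in the list above
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]
MIN_LENGTH = 12


def meets_checklist(password):
    """True when the password is long enough and uses all four character classes."""
    return len(password) >= MIN_LENGTH and all(
        any(ch in cls for ch in password) for cls in CLASSES
    )


def generate_password(length=16):
    """Draw random passwords until one satisfies the checklist.

    Redrawing the whole password (instead of forcing one character per class
    into fixed slots) keeps every compliant password equally likely.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"use {MIN_LENGTH} or more characters")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_checklist(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(meets_checklist("fluffy2016"))  # False: too short, no upper case or symbol
```

Store the generated value in a password keeper instead of reusing it on other sites.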
4. Regularly run updates.
The longer you go without updating your website, the more susceptible you are to …
- hackers who have spent the last few weeks figuring out loopholes
- viruses that also discover weaknesses in your software
- tech failures simply due to all the software pieces of your website being updated over time – for example if a browser is updated, there’s a chance your site might not work right if it’s not updated with the current patches.
And with WordPress, running updates is a piece of cake.
Just log in and click update on everything. You can even set WordPress to run automatic updates if you wish.
While you’re doing the updates, also run a quick test of your interactive parts of your website, like forms and payment buttons.
5. Have a backup process in place for peace of mind.
There are many ways your website can get ruined, including hackers, viruses, hosting company failure, your web designer goofing up, or even you goofing up.
And so, a simple, low or no-cost backup will give you much peace of mind.
Your backup process can be as simple as downloading your database and website files. You’ll have to check with your host provider on how to do this.
Sadly, the backup software or plugins out there can get annoyingly complex and hiccupy and overly technical.
I currently use Backup Buddy which is a bit of a technical beast, but when it’s working, it’s smooth. Because I’ve got the geek gene, I’m happy to use it.
In summary, remember that an ounce of prevention is worth a pound of cure.
I’ve had to rescue a few coaches from malicious take-overs and resolving them can be quick-n-simple or a long drawn out nightmare.
And with the tips above, with less than an hour a month, you or your VA could nearly eliminate your WordPress security worries.