WordPress Security: 4 Ways to Prevent Hacks Today
If you’re a blogger or have a website, you’re probably using WordPress as your Content Management System (CMS). This software has changed the game, making it easier for just about anyone to have a website. Starting as “just another blogging platform” in 2003, the self-hosted version now boasts over 60 million users. Small bloggers and large corporations alike use this open-source software because of its ease of use (once you get past the basics) and it’s numerous features.
Since so many websites use WordPress, it makes them a hacker’s paradise. An average of 30,000 websites get hacked per day. Last year, 16,000 WordPress websites had been hacked by September. Even with these alarming numbers, there are ways to beef up your WordPress security, even if you’re not a total tech geek.
1. Keep Your WordPress Software Up to Date
I’m going to take some time to get on my soapbox for a minute. For the love of all that is holy: please keep your WordPress software up to date. I’m begging you. WordPress updates their versions pretty regularly, because they’re constantly working on ways to give us more features, but also keep our sites safe. Kind of hard to do that when people still have old versions running their sites.
At the time of writing, the most recent WordPress version is 4.8.3. The first digit indicates a major release (think iOS 10 to iOS 11, which, by the way, I currently despise). The second digit indicates a moderate release, which usually includes new features and behind the scenes things that make developers happy. The third digit usually includes bug fixes and security upgrades.
According to Automattic, the parent company behind WordPress, about 49.3% of WordPress sites are at least on version 4.8, affectionately named Evans. A decent chunk of people, about 19.3%, are only slightly behind on version 4.7. But what alarms me more than anything is the number of people who are still running some version of 3.0. For a little bit of perspective, 4.0 was released in September 2014. Yet, almost 7% of WordPress installations are still running way behind.
Keeping your WordPress software up to date is the most crucial piece to protect yourself from hackers. With each upgrade, the geeks at Automattic ensure that there are additional preventive measures against hacks. For example, 4.8.3 was released to fight against a popular type of hack: SQL injection. Any versions prior to this one are still vulnerable. So the longer you stay behind the times, you have a big ol’ “hack me please” sign on your site.
There’s usually a huge banner at the top of your dashboard urging you to upgrade your software. Some web folks don’t like to immediately upgrade because they fear that some of the fixes may actually break their site. These are usually sites with way too many plugins (we’ll get to that in a second). Depending on your hosting company, you can set up automatic upgrades so you don’t have to worry about it.
2. Regulate Your Themes and Plugins
I think my soapbox above was pretty clear, so many of the same precautions spill into this tip. Ensure your themes and plugins are up to date. Not only that, be sure you only have what’s absolutely crucial to running your website. People typically get plugin and theme happy because it makes their site look nice and do cool things without them having to get their hands dirty with code.
But it not only weighs down your site with the size of them. It also makes it a hell of a lot harder to figure out which plugin or theme is making your site sick if you have fiftyleven of them installed. Reel it in folks. Get rid of plugins and themes you’re not using anymore, and ensure the ones that are installed are always up to date as well.
3. Password Protection and Two-Step Authentication
Raise your hand if you’re still using a password you came up with 10+ years ago. Yeah, I’m looking at you. Here at Awesomely Techie, we have told you time and time again how important having a strong password is. So you know what we’re going to do? Mention it again. It’s time to let those easy to guess passwords in the past. It still amazes me how many people are still using common ones like 123456.
But we’re going to take it a step further: two-step authentication. While it’s a pain in the butt, it’s one of the best ways to keep your WordPress website secure. You not only need to put your password in, but you’ll also have another layer added on, like adding in a special code on your smartphone. This is basically a way to ensure the person logging in under your username is actually you.
4. Install an SSL Certificate
This is a big one, especially now. HTTPS used to only be on big sites that offered e-commerce. Now, even if you’re not selling anything directly on your website, it’s still a good idea to invest in an SSL certificate. SSL stands for Secure Sockets Layer, and it’s a method to encrypt sensitive information on your website. It also ensures that your website is authentic, and not a bogus replica for scammers to phish information from.
There are different levels of encryption, therefore, different versions and price tiers for each. Most hosts and domain registrars offer it for an affordable price. Some platforms like Shopify and Squarespace include it with your web hosting. But remember: WordPress is free, save for your hosting fees. It’s a worthy investment. If you’re worried about the installation part, your website host should be able to help you.
So, you have some homework to do!
- Upgrade your WordPress software to 4.8.3
- Get rid of old plugins and themes, and upgrade the remaining ones
- Change your password and add two-step authentication
- Buy and install an SSL certificate