The makers of the iThemes Security plugin, which I offer for sites that I maintain, have written a terrific article that includes the 8 Actions You Can Take Today to Protect Your WordPress Site.
I am including the list here. For the full article go to: 5 Common WordPress Security Issues.
1. Use a strong password.
2. Install a WordPress security plugin.
3. Enable WordPress two-factor authentication.
4. Keep your WordPress site updated.
5. Set up proper permissions on your server.
6. Run scheduled malware scans.
7. Have a reliable WordPress backup plan.
8. Activate WordPress Brute Force Protection.
As part of the security maintenance plan that Virtual Freedom offers, these eight actions are done for you. For those who choose to maintain their own site, either go to the full article or follow what we have chosen as the best options for our clients.
1. Strong passwords help keep your site secure. We all love choosing ones that are easy to remember, but often that means they are easy for hackers to figure out. The best suggestion out there is to choose three words of five or more letters and add at least one number, one capital letter and one symbol. This can make the password easy to remember and hard for a hacker to make sense of.
marriage9Blues%sorta is an example. Or use the options to generate a random sequence.
2. There are a variety of plugins for WordPress. We have chosen iThemes with BackupBuddy added. This decision was made after reading reviews and trying others. We believe it is a strong choice and offer the Pro version as part of the security package.
3. Two-factor authentication often means that before you can log in, a security code is texted or phoned to you. In some cases you have to answer a pre-set security question. You have probably had this happen on other sites. We can add this with iThemes, but find that for most of our clients it is rather cumbersome. If you do not have a commerce site or hold sensitive information, a captcha may be all you need. This is your choice.
4. Keep your site updated! Not doing this opens the door to malware. If you are maintaining your own site, check the dashboard routinely for updates. When there are updates, you will see a number at the top of the page, and along the column there will be numbers next to whatever needs an update. Updates appear randomly, so check often for plugins, themes, and the basic WordPress database itself. If you need help, let us know.
5. Your server can lock you out or let others in. Set up permissions as to who can access your site.
6. Malware is like a virus. It can corrupt your site or it can hide and infect those who click on your site. It can be expensive to have it removed. The best thing is to set up regular scans.
7. Back up your site on a regular basis. Be sure to back up before you run an update. This will ensure that if something goes wrong and you lose data, you can restore it. Your server may have a backup option. We use BackupBuddy.
8. Brute force is when someone (a hacker) tries to break into your site. They often have computers that attempt to discover your username and password. Often usernames are easy to discover. The default used to be Admin. At this point all that is needed is your password. Brute Force protection only allows a certain number of tries before locking them out. You can also choose to block various IP addresses or, in some cases, choose to block countries.
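The lockout behaviour described in item 8, as an added example that is not part of the original article or the iThemes plugin's code: a small Python tracker that counts failed logins per IP address, locks the address out at a threshold, and honours a manual block list. The thresholds, the class and function names, and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold; the page says only "a certain number of tries"
WINDOW_SECONDS = 300    # assumed: failures are counted over the last 5 minutes
LOCKOUT_SECONDS = 900   # assumed: a locked-out address waits 15 minutes

class BruteForceGuard:
    """Tracks failed logins per IP and decides whether to allow an attempt."""

    def __init__(self, blocked_ips=()):
        self.blocked_ips = set(blocked_ips)   # addresses the site owner blocks outright
        self.failures = defaultdict(deque)    # ip -> timestamps of recent failures
        self.locked_until = {}                # ip -> time at which the lockout expires

    def check(self, ip, now):
        """Return 'blocked', 'locked' or 'allowed' before the password is tested."""
        if ip in self.blocked_ips:
            return "blocked"
        if self.locked_until.get(ip, 0) > now:
            return "locked"
        return "allowed"

    def record(self, ip, now, success):
        """Record the outcome of an allowed attempt; lock the IP at the threshold."""
        recent = self.failures[ip]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                  # forget failures outside the window
        if success:
            recent.clear()
            return
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()

def replay(events, blocked_ips=()):
    """Run (time, ip, password_ok) events through the guard; return each decision."""
    guard = BruteForceGuard(blocked_ips)
    decisions = []
    for now, ip, password_ok in events:
        verdict = guard.check(ip, now)
        if verdict == "allowed":
            guard.record(ip, now, password_ok)
        decisions.append(verdict)
    return decisions

# Constructed sample: 203.0.113.9 guesses once a second; 198.51.100.4 is the site owner.
SAMPLE = [(t, "203.0.113.9", False) for t in range(8)] + [(9, "198.51.100.4", True)]
```

Because the lockout is checked before the password, even a correct guess from a locked-out address is refused until the lockout expires.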
Contact Keridak if there are any questions. KeridakKae@gmail.com or 303-887-6477