WordPress Security and Unused Plugins
Quite often, I come across a WordPress website that has no security measures enabled or has a large number of un-updated or unused plugins in place.
Today, we’re going to talk about the risks of having no WordPress security, keeping unused plugins and not updating plugins on your WordPress website.
WordPress Security Measures
1. Protect your WordPress Admin Area
You can easily restrict access to your website dashboard by allowing access to wp-login.php only from your IP address. This is an easy trick and can be very handy if you access your website from one particular location that has a static IP address; otherwise, it will become a nightmare 🙂
How to do it:
- Connect via FTP to your web hosting and find the “.htaccess” file; it should be in the “www” or “public_html” directory;
- Make a backup copy (you can upload this copy back to the server if the changes below break your website);
- Add the following code (replace “xx.xxx.xxx.xxx” with your IP address) to the file and upload it to the server.
<Files wp-login.php>
order deny,allow
Deny from all
Allow from xx.xxx.xxx.xxx
</Files>
2. Don’t use the “admin” username and don’t use an account that has ID “1”
- It often happens that the default “admin” user has the ID “1”, and this might be used for breaking into your website. Therefore, it’s recommended to change the ID of your “admin” user to something else;
- Don’t use the default “admin” user, as it’s used for hacking. Instead, come up with a unique name for the user when you set up a new WordPress installation, or change it via cPanel.
3. Use Strong passwords
- Don’t use simple passwords, as they make a hacker’s life a lot easier. Come up with a password that is at least 10 characters long and contains digits, upper and lower case letters and special symbols;
4. Consider two-factor authentication
- Another way of adding more security to your WordPress website is to enable two-factor authentication. There are a few plugins which can help you with this (check out the plugins);
5. Keep your computer free of viruses
- Regularly check your computer with antivirus software as you may have a trojan on your computer which is actually stealing your passwords;
6. Back up files and database
- Make sure you back up your website files and DATABASE with a plugin that allows storing the backup OFF the web hosting, so that if your website gets hacked and you lose control over it, you can restore it from the backup on another hosting account.
- You can, for example, store the backup on Google Drive, OneDrive or Dropbox with the UpdraftPlus WordPress Backup Plugin (the free version will be enough).
7. Update WordPress
- WordPress evolves constantly, patching breaches and improving security – keep the core updated.
8. Use WordPress Security Plugins
- WordPress security plugins will help to protect your website from various types of attacks and will also help to hide the dashboard from access while you’re sleeping (at night time, when you know you won’t be using it anyway).
- For example: iThemes Security.
WordPress Security - unused plugins
Developing a WordPress website is always an iterative process, where you may try out a few different themes and a large number of plugins. After a website goes live, you don’t always delete the plugins which you don’t actually need.
This is a bad thing, as plugins may contain vulnerable code which will eventually compromise your website.
It’s good practice to go through the list of installed plugins (Active and Deactivated) and see if you can delete some of them (run a backup before you delete anything).
WordPress Security - outdated plugins
You need to update WordPress and the plugins on your website as soon as a new version of a plugin or of WordPress is released.
With new updates, developers may fix security issues present in previous versions, and if you don’t update WordPress or plugins, it may hurt your website and your reputation.
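The two reviews above (unused plugins and outdated plugins) can be run as one check. This is an added example, not code from the original post: it assumes WP-CLI is installed on the host and reads the JSON printed by `wp plugin list --format=json`; the sample data and the names `audit_plugins` and `format_report` are constructed for illustration.

```python
import json
import sys

# Constructed sample of `wp plugin list --format=json` output (not real site data).
SAMPLE = """[
  {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
  {"name": "contact-form-7", "status": "active", "update": "available", "version": "5.7"},
  {"name": "old-slider", "status": "inactive", "update": "available", "version": "1.2"},
  {"name": "updraftplus", "status": "active", "update": "none", "version": "1.23.10"},
  {"name": "site-tweaks", "status": "must-use", "update": "none", "version": ""}
]"""


def audit_plugins(wp_cli_json):
    """Split a plugin list into deletion candidates and pending updates."""
    findings = {"delete_candidates": [], "needs_update": []}
    for plugin in json.loads(wp_cli_json):
        name = plugin.get("name", "<unnamed>")
        status = plugin.get("status", "")
        # Must-use plugins and drop-ins are not managed from the Plugins
        # screen, so they are left out of this review.
        if status in ("must-use", "dropin"):
            continue
        if status == "inactive":
            # Deactivated plugin files stay on the server, so they are
            # listed for removal rather than for updating.
            findings["delete_candidates"].append(name)
        elif plugin.get("update") == "available":
            findings["needs_update"].append(name)
    findings["delete_candidates"].sort()
    findings["needs_update"].sort()
    return findings


def format_report(findings):
    """Render the findings as a short plain-text checklist."""
    lines = ["Delete after a backup (inactive):"]
    lines += ["  - " + n for n in findings["delete_candidates"]] or ["  (none)"]
    lines.append("Update now (active, new version released):")
    lines += ["  - " + n for n in findings["needs_update"]] or ["  (none)"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass a file holding real `wp plugin list --format=json` output,
    # or run with no argument to use the constructed sample.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(format_report(audit_plugins(raw)))
```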
Do not leave your WordPress website on default settings once it has gone live; you need to maintain it all the time and keep the security at an appropriate level. Need help? Let me know!