Securing WordPress: Step-by-Step Guide
WordPress is a very secure Open-source CMS. WordPress has a large community that works together to find solutions and security updates quickly when a vulnerability is found.
Even though it is a very secure CMS there is still some procedures you should follow to strengthen your WordPress installation.
Update Often: It is a good idea to update to the most current version of WordPress when updates are available. This can be done easily from the Dashboard and you will be notified when there is an update available.
The same goes for WordPress Plugins. Your plugins should be updated often and you should also remove any plugins that you are not using.
Backup Your Files: You should always have a scheduled backup plan for your WordPress site. It is just good practice and can save you from disaster in the event you have an issue or lose files stored on your host server. There are many options available that can assist you with your backup.
You also can simply backup your files through FTP and also export your database through your site’s control panel or PHPMyAdmin. Keep these files in a safe place, a Google Cloud Drive is a great way to keep your backup stored where you can always access it when needed.
Secure Usernames and Passwords: It is good practice to avoid any username that contains the word the words user, admin, administrator, test, or your sitename. Using these words can make it easier for hackers to target your admin account.
Use long passwords with numbers, letters, special characters, and upper/lowercase. A good way to come up with your secure password is to use a phrase that you would only know. You can also use a password keeper like “LastPass” that can manage all your passwords and make it easier to remember them. Search for a good password manager in the Google Chrome store and add it to your browser for ease of use.
Separate Admin and Editor Accounts: Setting up separate accounts for yourself can increase security. You can setup up an admin account and only use that for admin site duties, you then can add an editor account that you can use daily to post and approve comments. This adds further levels of security to your site easily. In the event that a hacker is monitoring your site traffic for access, they would only get access to your editor account.
Limiting Access to User Accounts: Remember to limit your users access based on their job responsibilities on your site. This limits risk of someone getting access to your admin through another user’s account. You should only keep one administrator or super-user account. Your other users should be limited to Editor, Content, etc.