WordPress Security Checklist To Take Action On
The web is a very powerful place and within that power are some forces that are out to do damage to some websites. Now being that WordPress is the platform of choice for almost 27% of all websites online, it is important that if you are using WordPress for your site, you have some security in place to avoid anything bad happening. We want to give you a very simple WordPress Security Checklist of items that you can do right away which will make your site more secure than the majority of WordPress sites online. So let us get into it!
SIMPLE SECURITY STEP #1 – Usernames and Passwords
Sounds simple right? This is so often overlooked and just making sure you have an appropriate username and strong password will take your site security up many levels. An appropriate username would be something other than “admin”, “username” or “user”. There is a slick free plugin to allow you to change your username inside your admin area with no need to access your site database. Check it out at https://wordpress.org/plugins/username-changer.
Now on to passwords. We can not stress this one enough. Passwords are the keys to your house and hackers have skills to identify weak passwords to get into your site and unleash their nastiness. The good news is creating a strong password is super easy. Check out this post we wrote about creating strong passwords and you can do this right away. Wait, YOU MUST DO THIS RIGHT AWAY! See post at https://www.wpfixit.com/create-super-strong-passwords.
SIMPLE SECURITY STEP #2 – Updates
If you are driving your car and the engine light or any warning light appears on, they actually mean something and need attention or your car can become out of service. The same exact thing goes for your WordPress dashboard. When you see that you have pending updates for plugins, themes or WordPress itself, YOU MUST COMPLETE THESE. While may updates are available to improve functionality of something, in many cases an update will be to enhance security and protect your site from a vulnerability that was found. By not completing these updates you are allowing those vulnerabilities to exist and opening security holes on your site.
We do about 100 WordPress Infection Cleanups each week and can say that a large majority of them are caused as a result of the site owner not completimg their updates. Do not be afraid of these updates. They are important to complete. As long as you have a good Backup/Restore strategy in place, you have nothing to worry about.
SIMPLE SECURITY STEP #3 – Site Access
Now you might be the only one that has ever had access to the administrative area of your site or have many hands that have been in it. Either way it is important to make sure that all the users your have registered on your site are meant to be there and if they are, they have the proper access level. Ever heard of the the expression “too many cooks in the kitchen”? If you are running a site with multiple authors or users that have access to adjust content and functionality, you need to make sure you audit this list properly. An awesome free plugin for making sure you can see every function another user on your site has completed in the admin area of your site is at this link https://wordpress.org/plugins/wp-security-audit-log/.
There may also be some times where you need to give a stranger access to your site and you might create a new admin login but then forget to delete it. Or you may even give them your login details. There is a better way. A plugin exists that allows you to create a temporary user that will delete itself at a time you define. They will not even need a password. Check it out at https://wordpress.org/plugins/temporary-login-without-password.
SIMPLE SECURITY STEP #4 – Security Plugin
Now this might be the most difficult step on this list but still super easy. Adding a security plugin to your site will surely enhance your site security much higher than if you did not have any security plugin present. So in the theme of keeping it easy for you, we have hand selected a plugin that we personally use when we secure sites and recommend it to all WordPress users that are looking for an easy to use security solution. The plugin is Shield Security and ohhhh how we love this masterpiece. Just by installing this plugin and activating it, you will be ready and secure. Even if you do not touche a single setting at all. Now there are additional settings to fine tune your site security as well.
You are not required to use a security plugin on your site but you should in order to raise your level of protection. You can take a look at all the advanced setup options Shield Security offers at THIS LINK but remember even the default settings are more that sufficient.
SIMPLE SECURITY STEP #5 – Stay Informed
So it is important to know that WordPress as a core software platform is super safe and secure. It is the way users set it up and manipulate it to their needs that creates security issues. Also a major source of security risks are all the 3rd party plugins and themes that users add to their site for additional functionality. The best way to stay in the know of all the security alerts that may arise is to have an ear into the WordPress community.
We at WP Fix It are crazy supporters of WordPress Facebook Groups. These groups are some best places to get information about WordPress as well as ideas that may help you along your WordPress experience. Now on the topic of site security, our favorite Facebook group is WordPress Security at https://www.facebook.com/groups/wordpresssec. We highly recommend you join this group and get involved in the conversation.
If you have any other tips that you would love to share, please comment below. ENJOY!!!