A downside of WordPress’ popularity is that it can be a target for malicious software and hackers. “Who’d want to hack into my little company’s website?”, I hear you ask. Well, for the most part no human entity is directly interested in you or your website. However, “bots” are! Bots are applications that run automated tasks. Many of these are maliciously designed to trawl the web, searching for weakened website defences. Did you know that, as of September 2016, 56% of web traffic is that of bots? There are thousands of forgotten WordPress websites that are default installations, which makes them easy to get into. These are the sites the bots are looking for. There are, however, simple measures you can take to make it much more difficult for anyone or anything to get into or affect your WordPress website and make sure you don’t get caught in the crossfire.
Core updates are updates to the WordPress software itself. These are key, not least because they maintain security. A big plus to WordPress is that it is regularly being reviewed and updated. If there are issues, they will be fixed with a core update, hence their importance. WordPress is also worth updating to make sure it keeps functioning as you want it to when using your website on a day-to-day basis.
A common route into your website is through the plugins you install. Plugins provide functions to your website. Things like your social media feeds, e-commerce systems and image galleries all usually require plugins to function. If these plugins are not kept up to date, they can create a route in for any malicious software. As part of our day-to-day website management process, we ensure that all plugins are kept up to date.
The obvious advice… have secure passwords. However, whilst it may seem obvious to most, some people choose passwords that are easy to remember rather than secure. We recommend that you select 3 random words (i.e. not names of children or pets!) that mean something to you, but won’t to anyone else, and string them together. The longer the password, the better. Make sure your WordPress “back-end” passwords are secure and not easy to guess. You can use software such as LastPass to manage your passwords. It allows you to set more secure passwords without having to remember them all.
To access the back-end login section, the standard address is /wp-admin. You should change this from the first moment you set the site up. If it is something different and less obvious, it is an added layer of security. Changing the back-end address, plus many other security features, is available through easy-to-use plugins. We use iThemes, which we have found easy to use with great functionality.
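To see how much automated traffic is knocking on the standard login address, you can count requests to it in your web server's access log. The script below is an added example, not part of the original article or of any plugin it mentions. It assumes the common "combined" log format and treats /wp-login.php (the login script WordPress serves behind /wp-admin) as part of the default address; the function names, the sample lines and the threshold of 3 are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Sep/2016:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Sep/2016:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Sep/2016:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Sep/2016:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Sep/2016:10:02:10 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "curl/7.47"
198.51.100.23 - - [12/Sep/2016:10:02:11 +0000] "GET /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 1420 "-" "curl/7.47"
192.0.2.10 - - [12/Sep/2016:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=gallery HTTP/1.1" 200 51 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Sep/2016:10:03:01 +0000] "GET /blog/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
this line is malformed and is skipped
'''

# Captures: client address, HTTP method, requested URL, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def is_default_login_path(url):
    """True if the URL targets the standard WordPress back-end address."""
    path = url.split("?", 1)[0]  # ignore the query string
    # admin-ajax.php is called by ordinary front-end visitors, so skip it.
    if path == "/wp-admin/admin-ajax.php":
        return False
    return path in ("/wp-login.php", "/wp-admin") or path.startswith("/wp-admin/")


def default_login_hits(log_text):
    """Count requests to the default login address per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_default_login_path(m.group(3)):
            hits[m.group(1)] += 1
    return hits


def noisy_clients(log_text, threshold=3):
    """Client addresses with at least `threshold` hits (threshold is arbitrary)."""
    return sorted(ip for ip, n in default_login_hits(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in default_login_hits(SAMPLE_LOG).most_common():
        print(ip, n)
    print("over threshold:", noisy_clients(SAMPLE_LOG))
```

Run against your own log before and after changing the back-end address: requests to the old paths should start returning "not found" instead of a login page.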
It’s easy to not do anything about your security. However, it’s not at all difficult to manage it, and keep things up to date. There’s no excuse not to maintain your website security, so don’t get caught out!