There are attacks on websites every single second of the day and although keeping your plugins and site updated helps it will not stop your site from being vulnerable.
Here is your starter checklist on what you need to do to keep your WordPress site, safe and secure
- Mask your wp-login and wp-admin areas – Don’t allow attackers to even know your basic login entry point
- Add 2FA to your accounts – Two-Factor Authentication helps make sure your site knows who you are by sending an additional code you need via your registered email to enter upon login as well as username and password
- If you have ‘ADMIN‘ as a username account on your site DELETE it and block anyone who tries to login with this username.
- If you have ‘admin’ as your main account, create a new administrator account first.
- When deleting the ‘admin’ account, it asks to assign all related content to another user. Make sure you do this and assign all to the new administrator account
- Disable Pingbacks and XML – RPC Simple and not needed. This is a real common entry point and used for attacks and injections.
- Disable the inbuilt file editor
- Security plugins. Downloading free security plugins is ok but doesn’t stop attacks. For the small price (and definitely worth it) download iThemes Security, or WPMU DEV Defender to give you a step by step process and flow to blocking all of the exposure you have.
- Both of these plugins offer FREE versions but you need more than the basics! It is good to use these to ensure compatibility and then when happy, MAKE SURE you upgrade to premium.
- Switch your backend off out of hours. – Sounds a little dramatic but by doing this, if you are sleeping no one else should be snooping around.
- Keep your plugins updated – Periodically check and ensure your plugins are the latest versions.
- Install a WAF / Firewall. There are plugins such as Wordfence which give basic firewall protection for free. Just remember to view the scan reports and do something with the issues it detects.
- Disable back-end directory browsing. This stops anyone browsing your directories and folders.
There are a lot more options to keep your site site secure and security prevention is also key in making sure you are not having to then clean your website for malware or malicious content.
As you expect, we offer a full security suite for our websites and managed services, providing multi layer firewalls and intrusion defences. Contact us to find out more and we can discuss with you. If you need the above checklist completed on your site, get in contact with us as we can deploy and complete same day for you – find out more here