One thing you have to think about when you go self-hosted is security! Here are ten things you can do to help secure your WordPress site…
1. Keep WordPress updated
One of the most common security issues for WordPress sites are related to running outdated versions of the WordPress core, themes and plugins.
Regularly updating your site will help prevent you from being hacked. Keeping WordPress itself, your plugins, themes and PHP version up-to-date will fix any existing bugs and security issues. ⠀⠀
2. Don’t install plugins or themes from untrusted sources
Only install plugins and themes from well-known repositories or reputable developers. Other forms of distribution may contain malicious code.
3. Uninstall and delete unused plugins and themes
It’s a good idea to uninstall and completely delete any unused plugins or themes, they can be a security risk if known vulnerabilities exist within them.
4. Review your WordPress password and logins
Your WordPress login is the most commonly attacked area of your site. This security vulnerability is the easiest access to your site’s admin dashboard. And brute force attacks (guessing usernames and passwords over and over until a successful login occurs) are the most common method of exploiting your WordPress login. Use a strong, unique and complex password.
Don’t use “admin”, “user”, “temp”, “test” or “user1” as your username, enforce strong password requirements and limit login attempts. You can also change the login page URL. It’s not foolproof, but can make it harder to access your site.
5. Add two-factor authentication for your admin login account
Two-factor authentication is a system that requires two items to log in to your account. The first being your username and password, the second is a unique code that’s delivered via text, email, single-use codes or mobile app. Two-factor authentication adds an extra layer of security to protect your account.
6. Regularly backup your website site
WordPress doesn’t include a built-in backup system, you’ll need to implement a backup strategy on your own. Trust me, you’ll appreciate it! If your website is ever compromised, you’ll be able to get it back online pretty quickly and easily if you have backups. Regularly backup your full site and database daily, weekly or monthly depending on your content frequency, so that if anything happens you can easily restore a previous version.
7. Add an SSL Cert
When someone visits your WordPress site, a line of communication between their device and your server starts to pass information back and forth. An SSL Cert adds a layer of encryption keeping that information private which is really important if you’re collecting login credentials and credit card details.
Related: SSL Certs for SEO
8. Research your web host provider
Ask if the web host offer support, backups and advanced security configurations. Your host should be vigilant about applying the latest security and following important best practices related to server and file security. Choose a reputable host who has good reviews regarding security and updates.⠀⠀⠀⠀⠀
9. Install a WordPress security plugin to handle security tasks
Using a WordPress security plugin can help with several WordPress security tasks that would otherwise take a log of time and technical knowledge. My favourite two plugins are iThemes [affiliate] and Wordfence.
10. Set up WordPress security logging
WordPress security logs are another way to keep tabs on activity on your website related to your security. A lot of WordPress security plugins can email you about certain suspicious activities like file changes, brute force attacks, lockouts, etc.
WordPress itself is a secure platform, but it is your responsibility to keep your site safe and secure. These ten tips will get you started!