WordPress security is a hot topic. Learn how to keep out the bad guys.

WordPress is one of the most popular blogging and website platforms in use today. Due to its high adoption rate, however, WordPress is also one of the most attacked platforms on the web. Whether your site is a personal blog, a small business webpage, or a high-traffic e-commerce platform, good WordPress security is crucial. This article gives some simple tips for basic security, and discusses plugins that can help make your site more secure.

Don’t overlook the basics.

You’ve all heard it before. “Change your password.” “Use a better password.” “Your password is too simple.” It may seem like irritating nagging, but the principle is completely valid. Using a weak password is the Internet equivalent of having a front door made of straw. Sure, it lets people know you don’t want company, but will it keep out an intruder? If you’re using an easy password, or a short password (short is less than 16 characters, by the way), change it today.

Changing your username is also an excellent practice. If you login with “admin”, “administrator”, your name, or your cat’s name, stop now. Some WordPress installs will automatically suggest a random username. This is a good place to start.

Complicated passwords and usernames are hard to remember. Fortunately, you don’t have to. KeePass is a password safe which can keep all of your passwords and logins organized. It can also generate random passwords, so you don’t have to come up with them on your own (or worse, start using things like your birth date or Social Security Number). It can even sync with your smartphone, so your passwords are available wherever you go. KeePass is compatible with Windows and Mac.

Don’t blog from Starbucks.

Public Wi-Fi is convenient, isn’t it? It’s great to be able to check your email everywhere you go. It’s even better when your favorite cafe, restaurant, or library has Wi-Fi, because you can camp out. But is it really safe?

It’s incredibly easy for malicious people to monitor traffic on public Wi-Fi networks, and to look for usernames and passwords. Whether you think you have anything to lose or not isn’t important. Avoid the hassle and headache of being hacked; simply don’t provide the opportunity. A good rule of thumb is, if you care about it, don’t log in from Starbucks.

Work smarter, not harder.

You don’t have to be a security expert or a coder to learn about WordPress security. There are several great plugins out there to make your life easier. Below are three of our favorite tools to keep out the bad guys.

Clef is a default plugin with many WordPress installs. It’s a two-factor authentication method that uses your smartphone to log in to WordPress. Once Clef is installed on both your phone and your WordPress site, you simply use the phone camera to view your computer screen when you want to log in. It’s incredibly easy to use, and provides an additional layer of security. (EDIT: Clef support has been discontinued as of July 7, 2017. However, the Jetpack plugin is making two-factor authentication available to all of its users.)

Move Login is a simple way to befuddle would-be hackers. It moves the default login page on your website, so automatic hacking tools can’t find it easily. You can set the login page to anything you like. Be careful, though, because if you forget how to get there, you may need help getting into your site! Store the new login in your KeePass safe.

Another great plugin for any WordPress site is Wordfence Security. This is one of the most popular, comprehensive WordPress security plugins. Wordfence includes a firewall, a malware scanner, and the ability to block attackers from your website. If you’re not familiar with all of these tools, don’t worry – they offer a series of great tutorials here.

In conclusion, security doesn’t have to be a nightmare. WordPress can be a safe way to blog or have a website, so long as the appropriate measures are taken. If you’re not sure where to start, or you need some advice, contact us! We’ll be happy to help you out.