Essential post-installation WordPress security checklist
Your website is always under attack. Regardless of how big or small your website is, keeping it safe is your topmost priority. It is your duty to secure your website for your visitors, clients and your business.
- Secure login details
- Secure WordPress login URL
- SSL Encryption
- Backup your website
- On time backup
Although WordPress is the most popular CMS in the world for managing websites from small scale to large scale, it is not the most secure CMS, because websites made using WordPress constantly come under attack. Hackers usually probe some of its fundamental components for issues and use them to hack into your website.
According to wpscan.org, out of 3972 known WordPress security vulnerabilities:
- 52% are WordPress plugin based
- 37% are core WordPress based
- 11% are WordPress theme based
So how exactly can you secure your WordPress website? Below, you will find 5 essential security tips that you should consider right after WordPress installation.
2. Use secure username and password
Here are two general rules of thumb to follow before setting up your WordPress administrator account.
- Use your email as your username (using admin or administrator is a big NO).
- If you can remember your password, it's not strong enough.
Yes, it's better to use a full email address instead of a username while creating an account, because emails are usually longer than plain usernames. This will make your username secure to some extent.
On the other hand, there is no alternative to a secure password. Your password has to be absolutely secure. Make sure your password is at least 32 characters long, with numbers, symbols and both uppercase and lowercase letters, and make it as random as possible. There are many websites that will generate random passwords, such as Secure Password Generator. If you want to go the extra mile, you should use a password manager like Sticky Password, Dashlane or LastPass.
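The two rules above can be checked locally instead of relying on a password-generator website. The following is an added example, not part of the original post: the function names, the generator's symbol set and the sample email address are assumptions made for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 32                                # the post's minimum password length
BANNED_USERNAMES = {"admin", "administrator"}  # usernames the post rules out
GEN_SYMBOLS = "!@#$%^&*()-_=+[]{}"             # constructed symbol set for generation
GEN_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, GEN_SYMBOLS)
# The checker accepts any ASCII punctuation as a symbol.
CHECKS = (("lowercase letter", string.ascii_lowercase),
          ("uppercase letter", string.ascii_uppercase),
          ("digit", string.digits),
          ("symbol", string.punctuation))


def generate_password(length=MIN_LENGTH):
    """Return a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(GEN_CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry instead of patching characters in, so no position is predictable.
        if all(any(ch in cls for ch in candidate) for cls in GEN_CLASSES):
            return candidate


def check_admin_account(username, password):
    """Return a list of ways the account breaks the post's two rules."""
    problems = []
    if username.strip().lower() in BANNED_USERNAMES:
        problems.append("username is a default admin name")
    elif not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", username):
        problems.append("username is not an email address")
    if len(password) < MIN_LENGTH:
        problems.append(f"password is shorter than {MIN_LENGTH} characters")
    for name, cls in CHECKS:
        if not any(ch in cls for ch in password):
            problems.append(f"password has no {name}")
    return problems


if __name__ == "__main__":
    pw = generate_password()
    print(pw)
    print(check_admin_account("owner@example.com", pw))  # constructed username
```

Store the generated password in a password manager rather than in a file or the shell history.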
3. Secure WordPress login URL
A very important yet extremely simple way to secure your WordPress login URL is to use a CAPTCHA. Basically, all you have to do is install one of the CAPTCHA plugins, like Really Simple CAPTCHA, and this alone will protect your login URL from automated attacks. Pretty neat, right?
Another way to secure your login URL is to change it from /wp-admin to something else. To do this, install a plugin like WPS Hide Login. Pro Tip: Mix Really Simple CAPTCHA and WPS Hide Login for maximum security!
4. SSL encrypt your WordPress site
It's almost 2019, and we should understand very clearly that a website without the green SSL padlock is a red flag. SSL (Secure Sockets Layer) basically encrypts all the incoming requests and outgoing server responses in such a way that it's almost impossible to hijack your clients' data or your own over the internet, and the best thing is that all the big SSL providers give basic SSL for free. Most likely, your hosting company has already enabled SSL on your website. If not, you can ask them to do it or use the Auto SSL option in your hosting control panel. After that, you can force SSL throughout the WordPress website. My favorite plugin to force SSL is Really Simple SSL. All you have to do is click one button and relax!
5. Back up your WordPress website
This goes without saying. If you have a website, back everything up on a regular basis. Two of my favorite plugins to make backing up laughably easy are UpdraftPlus WordPress Backup Plugin and BackWPup – WordPress Backup Plugin. Just having one of these plugins takes the headache away.
6. Update Update Update
As mentioned in the beginning, security attacks come from outdated plugins, WordPress core and themes, so it is absolutely essential to update your WordPress, plugins and themes as soon as you get notifications.
All of these tips are easy enough for someone who doesn't want to be bothered with code. They take about 15 minutes to do and they will make your WordPress website secure.