WordPress Website Security: How to Avoid Getting Hacked

Feb 27, 2018 | Website Security, WordPress

Reading Time: 3 minutes
Kevin Fouche

WordPress Website Security: How to Avoid Getting Hacked

Posted by Kevin Fouche, Pixel Fish Director

Kevin handles the planning, design, launch and training of every website that Pixel Fish creates. He ensures that every website is highly engaging and aligned with our client’s goals. With over 20 years of design and web industry experience to draw upon, Kevin aims to pass on his knowledge to our clients and like-minded businesses wanting to grow their online presence.

WordPress has become a very popular system for designing websites – and for a good reason. It lets you create a professional-looking website with terrific functionality and options. However, the more popular a system is, the more likely it is to be targeted by hackers. Here’s what you need to know about WordPress Website Security.

WordPress is open source, making it even more vulnerable – but only if the site owner fails to take fairly simple precautions.

WordPress Website Security: How to Avoid Getting Hacked

Here are some tips to help you keep your WordPress website from being hijacked.

1. Follow regular password best practices for the admin-level login.

Use a strong password that you don’t use on any other site and change it frequently. Passphrases are even better. Use a different username and password for the FTP access (required to install plugins and updates). Avoid storing the username and password in the browser, especially with laptops.

2. Don’t use “admin” for the admin username.

Also, don’t use your name, your company’s name – use something you can easily remember but that a hacker will find hard to guess.

3. Lockdown wp-login.php

This is the page that is loaded when you log in as admin. You can add it to .htaccess in the WordPress admin folder so that only allowed IPs can even load it. Some people also like to change the URL so that hackers don’t know what it is.

4. Limit the number of people with admin panel access to those who need it.

One of the nice things about WordPress is that you can have multiple people post updates, which also means the risk of a disgruntled soon-to-be-ex employee vandalizing the site. Also, educate anyone with access on basic security. Consider using Force Strong Passwords or a similar plugin to ensure good passwords are used.

5. Use SSL.

Most hosting companies will hook you up with an SSL certificate. This not only improves the security of your WordPress site but it’s Google ranking as well.

6. Security Plugins

Apply a plugin such as Wordfence or iThemes Security to alert you to changes to any files on the website. This is also particularly useful if you have multiple users, as it will tell you if somebody hacks in and help you keep track of who’s changing what.

7. Change the WordPress database table prefix.

If that seems a little bit Greek to you, then it’s a prefix that WordPress attaches to the database files. It can be changed on install or later with a plug-in. If your hosting company is doing the install, talk to them about changing to a custom prefix. This reduces the risk of database attacks.

8. Update WordPress and plugins regularly.

You can do it from the admin dashboard as long as you have the FTP login credentials (make sure to use the right ones – your admin username and password will not work).

9. Take regular backups of your site.

Your hosting company may do this for you, but it is worth taking a snapshot yourself, especially if you are about to do something which might mess with the database. Having a recent backup means that if the worst happens and somebody puts porn on half of your pages you can quickly restore the site to its former state.

WordPress is one of the best ways to run a modern website that looks good and works smoothly, but its popularity and the open-source nature of its scripts make it more vulnerable. Remember to take simple WordPress security precautions to protect your site and your business’ reputation.

If you are looking for a web design company that can help you put together a secure – and beautiful – WordPress site then contact Pixel Fish today.

Let Sydney’s leading Web Design Agency take your business to the next level with a Pixel Fish Small Business Website.

Check out some of our latest Website Design projects and Testimonials.

Check out what Pixel Fish provides their clients.

Further Information:
Top 10 Tips to Create The Perfect Website Call to Action
Tips for Creating and Marketing a Financial Services Business Website
Top 10 Unbeatable WordPress Website UX Tips for your business
How to Drive Website Traffic with Podcasting for your business
Digital Branding: How to Create a Logo for your Digital Space
Top E-Commerce Shipping Options to Maximise Sales & Reduce Complexity
10 Social Media Publishing Tools To Streamline Your Content Marketing
The 8 Best Free Online Photoshop Alternatives

Stand out from your competition with a Pixel Fish website!

Contact us today on 02 9114 9813 or email info@pixelfish.com.au

Small Business Website Packages   | Custom Website Design   |   Ecommerce Websites

Related Blogs

Contact Pixel Fish - Website Design Agency

Get Started with a new Pixel Fish Website

We would love to hear about your upcoming website project

Kevin Fouché, Pixel Fish Director