• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Startup Hero

The Official Blog Of Name Hero

Learn To Fly Above The Competition Get Started
  • HomeWelcome
  • CoursesVideo Training Center
  • About UsWhat is StartupHero?
  • BlogGet the latest
  • Start HereStartup 101
  • SpeakingPodcast & Media
  • ResourcesTools to help You
    • Reselling WordPress Hosting
    • Resell Hero
    • How To Start A Blog
  • NameHeroCloud Web Hosting

6 Simple Tips To Keep Your WordPress Website Secure In 2018

By Ryan Gray on January 23, 2017 2

6 Simple Tips To Keep Your WordPress Website Secure In 2018

New Year, New President, new web host (if you just joined us), now is a great time to do a security audit of your WordPress website!

Unfortunately most people put this off until its to late costing them unwanted downtime and extra expenses trying to get it cleaned.

In the last two weeks I’ve personally been cursed out for this three separate occasions!  People really freak out when their website is suspended!

I can’t really say I blame them, downtime sucks, especially when you didn’t know you were doing anything wrong.

So that’s the purpose of this blog – to teach all you smart webmasters to be responsible with your WordPress websites :).

1. Use Strong wp-admin Credentials

It really doesn’t help that Softaculous defaults their one click installation to use admin as the username and pass as the password.  I wonder how many people neglect to change this?  Perhaps I’ll tweet this blog post out at them.

Understand, there are thousands of bots out on the Internet that spend all day doing dictionary attacks on your wp-admin page.  Once they gain access, it’s their site!  This can be solved by using a simple password generator.

I’ll never forget, one of my websites was once hacked because one of the admins had his password set as “firstname123.”  That’s one of the first things the dictionary attack bots go after!

2. Update WordPress, Plugins, Themes Often

In the last two years, WordPress has done an excellent job with their auto updater.  I know, it can be a bit frustrating when an update breaks some of your code, but this is one of the top reasons why a website gets hacked.

Especially when you’re running multiple websites, it can be easy to forget about updates, so leaving this option on is a great way to keep your site safe and secure.

It’s not a matter of if, it’s a matter of when your website gets hacked if you’re using an old version of WordPress.

3. Don’t Install Poorly Coded Themes/Plugins

Before installing a new plugin and/or theme, do some research!  Reviews will let you know a lot about the developer / product, but look at the change-log to see how often it’s updated.  Good scripts and themes are updated frequently.

Since WordPress is open source it makes it easy for amateur coders to develop a cool plugin that they can charge for.  Unfortunately many of these have been developed without proper quality assurance testing.

Personally, I’ve even fallen victim to this, buying themes on ThemeForest, then finding out later it was coded very poorly.  All hackers have to do is “train” their bots to look for certain themes, giving them wide open access to your website!

4. Install A Good WordPress Security Plugin

There are a lot of WordPress security plugins on the market, but you should use one that alerts you when things are out of date or when a failed login happened.

I’m a big fan of Wordfence but it can be taxing on your server load if you get a lot of daily unique visitors.  I’d say if you get under 1,000 daily visitors, give it a shot.

If you do more than that, you may have to have your developer take a look at your setup and determine what would be your most efficient security plugin.

5. Use Secure Connections (https)

If you’ve tried to login to your wp-admin without https it’s likely you’ve encountered errors with session handling!  This is actually a good thing! You should ALWAYS use https on at least your wp-admin area, but really your entire site.

With SSL now being free and automatic (thanks to Let’s Encrypt) you should ensure every domain and subdomain uses https.  I was telling a customer the other day, I feel like it will soon be a requirement across the Internet and I can see Google de-indexing non-ssl websites.

I actually have a video tutorial recorded about using SSL and WordPress here.

6. Backup Your Site Daily

Just like security plugins, there isn’t a lack of WordPress backup plugins out there!  Regardless which one you decide to use, make sure you can take a backup nightly and store it somewhere offsite such as Amazon S3 or your local hard drive. (a lot of our customers like BackupBuddy)

While we also backup your site nightly here at NameHero, it’s HIGHLY recommended you have your own copy.  That’s the first thing our techs are going to ask if you run into malware; “is it possible to restore from an older backup.”

This will save you a lot of headache being able to revert to a previous backup before any malicious code was installed. Also, don’t make the mistake of backing up your website on the same server it’s hosted, that won’t do you any good!

If you follow these six-tips and frequently audit them, you will keep your website safe from hackers and online.  If not, you’ll eventually learn why you should have!

While we do offer WordPress malware scanning / removal nightly here at NameHero, by the time we find it, your sites already in trouble!  Our scanner can help preventing the cancer from spreading, but it cannot prevent it!  Only you can do that!

Feel free to comment below with any questions!

Ryan Gray

Ryan Gray is the founder and CEO of NameHero, one of the fastest growing independent web hosts in the United States. Ryan has been working online since 1998 and has over two-decades experience in Internet Entrepreneurship.

Reader Interactions

Trackbacks

  1. WordPress hosting guide says:
    July 19, 2017 at 10:03 am

    […] 6 Simple Tips To Keep Your WordPress Website Secure In 2017 […]

    Reply
  2. WordPress hosting guide - Webzinio - Web page development says:
    May 15, 2018 at 10:22 am

    […] 6 Simple Tips To Keep Your WordPress Website Secure In 2017 […]

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Connect With Us!

Superhero Resources

Fix Common Issues

  • How To Setup Free And Automatic SSL Certificates
  • How To Setup Cloudflare With Railgun
  • How To Fix Memory Exhausted Errors In WordPress
  • How To Edit PHP Version/Upload Limit/Add Extensions
  • How To Move/Migrate Your Business To Name Hero

Free Guides

  • How To Setup NameHero Hosting
  • How To Create A Web Hosting Business With WordPress
  • How To Start A WordPress Blog
  • How To Migrate WordPress To A VPS
  • How To Speed Test And Optimize Your WordPress Website
  • Magento 2.X Installation Guide
  • How To Clean Up A WordPress Hack

Training

Recent Posts

  • Why I Don’t Use Two Factor Authentication
  • Filtering Out “replytocom” Bots On WordPress
  • Five Years Straight Of 99.9% Website Uptime – NameHero
  • What Can You Do To Improve Mobile Load Times?
  • The Challenges Of Rate Limiting For Websites
  • When Hosting Location Doesn’t Matter (And When it Does)
Subscribe in a reader
  • Web Hosting
  • WordPress Hosting
  • Reseller Hosting
  • VPS Hosting
  • Twitter
  • Facebook
  • LinkedIn
  • YouTube
  • FTC Disclosure
  • Earnings Disclosure
  • Privacy Policy

Copyright © 2021 · Smart Passive Income Pro on Genesis Framework · WordPress · Log in