If you’re looking for some quick and easy ways to increase the security on your WordPress website this post is just for you.
Before you make any changes to your current site it’s best to have a current backup.
5 simple steps to instantly increase your WordPress Security:
- Upgrade your Plugins, Themes and your WordPress core.
This is THE best way to avoid problems with your WordPress installation. Upgrades and updates are published to eliminate ‘buggy’ performance and keep the plugins/themes/core secure. If you’re a few versions behind on upgrades you’re putting your site at risk.
- Uninstall any plugins or themes that you’re not using.
Why store digital clutter? If you’re not using it and you have no plans to, remove it. You’re only adding bulk and load time to your site.
Note: Always keep one default theme (TwentyTen, TwentyEleven, or TwentyThirteen) so that you can easily troubleshoot any problems that may be related to your theme.
- Review your WordPress Users, remove anyone who doesn’t need current access then update your passwords.
Be sure to use secure passwords, that means upper and lowercase letters, numbers and punctuation.
- Turn off registration for your WordPress website.
Visit your ‘General Settings’ page in your WordPress admin area and uncheck the box next to ‘Membership’ that allows anyone to register for your site.
Note: If you’re running a WordPress membership site OR if you require users to ‘register’ to leave comments you should SKIP this step.
- Consider adding some Plugins to increase your website’s security.
There are many, many plugins that you can install that will modify settings and provide you with added security but if you’re not comfortable with verbiage they use to describe what and how they’ll do that is it really a good idea? If the plugin goes hay-wire will you even know where to start to fix it? Personally, I stay away from things that ‘feel’ complicated to me because I know for a fact if it ‘feels’ complicated to me it’s definitely going to make my client feel lost.
Recommended WordPress Security Plugins:
- Limit Login Attempts -
This plugin will allow you to limit the number of possible login attempts by IP address. By default WordPress allows unlimited login attempts. This plugin lets you customize how many attempts, how long the IP address is locked out of the site and it will even email you when there are failed login attempts.
- Whitelist IP Address for Limit Login Attempts -
This is a great plugin to install along with Limit Login Attempts… because we all have those days where our fingers are ‘fat’ and we mistype passwords. It’s less than pleasant to end up locked out of your site for 36 hours (or whatever your setting may be) because you fat-fingered it. :)
- Sucuri Security* -
This plugin was created by the folks at Sucuri and it is free. This plugin will scan your site for malware, spam, blacklisting and other security issues. It has options for 1-click security upgrades which are also easily reversible through the plugin menu. This is my preferred Security Plugin for clients because the verbiage used to explain the steps/processes is simple terminology AND they provide for easy reversals if the updates aren’t compatible with a plugin or theme you’re running. Note that this plugin does have an option for upgraded paid security.
- WP Clone -
One step backup protection for your website. While this isn’t necessarily a ‘Security’ plugin keeping current and clean backups of your website ARE necessary. This plugin allows for quick and easy backups and restoration.
Now, I realize these first three steps seem pretty easy and maybe even a little bit obvious but I can not even begin to tell you how many people just don’t upgrade their websites…. This is the SINGLE most important step to keep your website secure.
If you’re not up for your own WordPress maintenance because you don’t have the time or the desire to ‘mess with it’ check out my WordPress Maintenance Plans. Here’s what one of my most recent WordPress Maintenance clients had to say when her websites were brought up to date:
Patty Bear, The Flying Club
“You’re a lifesaver! Thanks so much for your careful attention to all of this. It just makes my head hurt to even think about it, but I know it needs to be done and it’s a relief to have it all taken care of.”
Click here to view my current WordPress Maintenance Plans, you too will feel relieved knowing you don’t have to worry about updating your site or running your own backups.
*When this post was originally published this plugin was called “Sucuri Free” On 02-02-2014 this plugin was updated by the author and the name was changed to Sucuri Security – SiteCheck Malware Scanner. It is still the same plugin with the same great features. :)
Latest posts by Melissa Barham (see all)
- How to add the new Pinterest “Follow” button to your website - July 14, 2014
- 10 More Free Genesis Child Themes - March 7, 2014
- 6 Great (Free & Mobile Responsive) Genesis Child Themes - February 21, 2014