Have we connected yet?

  
Blogging
Pin It

Hacker phishing computerIf you’re looking for some quick and easy ways to increase the security on your WordPress website this post is just for you.

Before you make any changes to your current site it’s best to have a current backup. 

5 simple steps to instantly increase your WordPress Security:

  1. Upgrade your Plugins, Themes and your WordPress core.
    This is THE best way to avoid problems with your WordPress installation. Upgrades and updates are published to eliminate ‘buggy’ performance and keep the plugins/themes/core secure. If you’re a few versions behind on upgrades you’re putting your site at risk.
  2. Uninstall any plugins or themes that you’re not using.
    Why store digital clutter? If you’re not using it and you have no plans to, remove it. You’re only adding bulk and load time to your site.
    Note: Always keep one default theme (TwentyTen, TwentyEleven, or TwentyThirteen) so that you can easily troubleshoot any problems that may be related to your theme.
  3. Review your WordPress Users, remove anyone who doesn’t need current access then update your passwords.
    Be sure to use secure passwords, that means upper and lowercase letters, numbers and punctuation.
  4. Turn off registration for your WordPress website. 
    Visit your ‘General Settings’ page in your WordPress admin area and uncheck the box next to ‘Membership’ that allows anyone to register for your site.
    Note: If you’re running a WordPress membership site OR if you require users to ‘register’ to leave comments you should SKIP this step.
  5. Consider adding some Plugins to increase your website’s security. 
    There are many, many plugins that you can install that will modify settings and provide you with added security but if you’re not comfortable with verbiage they use to describe what and how they’ll do that is it really a good idea? If the plugin goes hay-wire will you even know where to start to fix it? Personally, I stay away from things that ‘feel’ complicated to me because I know for a fact if it ‘feels’ complicated to me it’s definitely going to make my client feel lost.

Recommended WordPress Security Plugins:

  • Limit Login Attempts -
    This plugin will allow you to limit the number of possible login attempts by IP address. By default WordPress allows unlimited login attempts. This plugin lets you customize how many attempts, how long the IP address is locked out of the site and it will even email you when there are failed login attempts.
  • Whitelist IP Address for Limit Login Attempts -
    This is a great plugin to install along with Limit Login Attempts… because we all have those days where our fingers are ‘fat’ and we mistype passwords. It’s less than pleasant to end up locked out of your site for 36 hours (or whatever your setting may be) because you fat-fingered it. :)
  • Sucuri Security* -
    This plugin was created by the folks at Sucuri and it is free. This plugin will scan your site for malware, spam, blacklisting and other security issues. It has options for 1-click security upgrades which are also easily reversible through the plugin menu. This is my preferred Security Plugin for clients because the verbiage used to explain the steps/processes is simple terminology AND they provide for easy reversals if the updates aren’t compatible with a plugin or theme you’re running. Note that this plugin does have an option for upgraded paid security.
  • WP Clone -
    One step backup protection for your website. While this isn’t necessarily a ‘Security’ plugin keeping current and clean backups of your website ARE necessary. This plugin allows for quick and easy backups and restoration.

Now, I realize these first three steps seem pretty easy and maybe even a little bit obvious but I can not even begin to tell you how many people just don’t upgrade their websites…. This is the SINGLE most important step to keep your website secure. 

If you’re not up for your own WordPress maintenance because you don’t have the time or the desire to ‘mess with it’ check out my WordPress Maintenance Plans. Here’s what one of my most recent WordPress Maintenance clients had to say when her websites were brought up to date:

Patty Bear, The Flying Club

“You’re a lifesaver! Thanks so much for your careful attention to all of this. It just makes my head hurt to even think about it, but I know it needs to be done and it’s a relief to have it all taken care of.”

Click here to view my current WordPress Maintenance Plans, you too will feel relieved knowing you don’t have to worry about updating your site or running your own backups.

Melissa

*When this post was  originally published this plugin was called “Sucuri Free” On 02-02-2014 this plugin was updated by the author and the name was changed to Sucuri Security – SiteCheck Malware Scanner. It is still the same plugin with the same great features. :)

 

Share This: Share on Facebook23Tweet about this on Twitter14Google+6Share on LinkedIn1Email to someone
Lets Connect

Melissa Barham

Web & Graphics Designer, Virtual Assistant at MelissaBarham.com
Work at home mom, wife and social media junkie. I Provide small businesses with WordPress and Graphics Design along with DIY WordPress Tips & Training.
Lets Connect
About Melissa Barham

Work at home mom, wife and social media junkie. I Provide small businesses with WordPress and Graphics Design along with DIY WordPress Tips & Training.


Comments

  1. OMG I totally did that trying to log into the wordpress app on my iPhone! GAH! Apparently the iPhone app is not the same as the android app. I kept putting in my wp.com user/pass but it needed my actual user/pass. Sheesh! then I was locked out! OMG! I just went in via FTP and renamed that plugin file so I get in. But not many people know that trick. LOLz But what a pain! So YES the whitlelist plugin is a MUST! haha Which I have now :D

    I am definitely going to look into WP Clone, though right now I am using WP backup to Dropbox. But I am realizing that I still need to go in and clean up files, especially after I have dropped some plugins and themes from my dashboard.

    Something else is broken links. I really like the broken links plugin, and even though a lot of people say it’s a server hog, I’m not seeing that. JetPack and the Simple Sharing plugin are server hogs compared. O.o But the broken Link plugin does not see broken links in comments. Holy cow! I spent 4 hours cleaning up the broken links that were missed o.O But on the plus side, I totally improved my site speed/performance just fixing those broken links.

    Thanks for sharing these, Melissa! You are awesome!!! <3
    Kimberly ~ Gypsy recently posted…7 Ways to Create an Amazing 2014My Profile

    • Yes, Kimberly, I’ve had to do the same when I locked myself out of a clients site before… :)

      WP Clone is really nice and it’s one click. The only problem I’ve found with it is if you have a ton of content on your site the backups will fail. However, for a normal WP user on a run of the mill WordPress site it is a great tool.

      I run a broken links plugin but I haven’t noticed any lag. Glad you found this post helpful and thank you for commenting and sharing. :)

      -Melissa
      Melissa recently posted…Get Organized, Clean up your WordPress Media Area Today!My Profile

  2. Thanks for the reminder. I just done a backup (via my Cpanel) and had been meaning to update WordPress as it kept telling me a new update was available. Just finished updating it. I use WP Security. Any thoughts on that one?
    Debra Jason recently posted…6 Steps for Recognizing Good Copy When You’re Working with a CopywriterMy Profile

    • Debra,

      If you’ve already got a plugin installed and its’ working well for you I’d stick with it. :) Better WP Security is a good plugin, it’s a bit more complex than Securi Free which can be a tad confusing if you’re not sure what you’re doing. It definitely has you (or your website) covered and offers a few more things than what Securi Free.

      Thanks for dropping in, commenting and sharing this post. :)

      -Melissa
      Melissa recently posted…How do you protect your business when you work with a team?My Profile

Speak Your Mind

*

CommentLuv badge
↑ Top of Page