The Top 10 WordPress Security Tips For 2019 That May Just Save Your Site

If so, you’re familiar with the pain that goes with managing your online security. Thankfully, our own list of proven techniques will help protect you from future problems and also show you how to repair your reputation with Google. It’s packed full of our highest impact recommendations and built from our own experience – often painful, so we know better than most how to arm yourself against attack. Read on to discover what we’ve found.

Have you spent days, picking through thousands of infected files? Repairing suspect files individually hoping it’s fixed your issues. Or submitted countless forms to Google asking to be re-indexed, only to find the issue still returns? That’s because up to half the core files in your site may have been injected with tiny Trojan programs and it’s almost impossible to determine where they are. Sound bad, it is, so you need to make the security of your site a priority and get it nailed down.

If you’re on WordPress the good news is that these attacks affect all types of sites, not just ones using WordPress. The BBC site was taken down back in December 2015 and CNN suffered similar attacks and outages in early January 2016. Moonfruit who run a simple but very powerful SAAS Website platform, had users locked out of their websites for nearly 2 weeks while they defended against ransom attempts threatening to infiltrate every one of their 5,500 websites. In fact, in a report by Forbes there are nearly 30,000 attacks every day across all platforms. That’s not all.

According to Information Week‘s recent article, up to 7% of the visits to your site are likely to be malicious attacks rather than the valued prospects you’re hoping for. In another article from Sucuri, every site on the internet is under attack by an average of 300 times a day.

So before you consider scrapping your entire WordPress site and moving to a new platform, consider first if there’s anything better, or robust enough to offer 100% security against attacks. It’s unlikely, so here is why being part of the WordPress community is so rewarding – there are hundreds of security options to protect your site, some are even free! If you’re not yet on WordPress consider you’ll get this level of support and piece of mind. Ready to find out the best approaches to WordPress security?. Great let’s go:

Our recommended approach to WordPress Website security is broadly divided into three main areas:

1. Monitoring & Protection

• The first and perhaps the easiest step to take is replacing generic WordPress username of Admin. Go into ‘Users’ and create a personal username with unique password – Check out this list, to avoid the weakest passwords!
• Delete the username ‘Admin’. Sounds obvious, but this is the clearest signal to would-be attackers that there are few security procedures in place
• If you’ve opted to use a theme, do some due diligence beforehand. Check the popularity (number of downloads), positive comments, frequency of updates and responsiveness of support – make sure it has a solid roadmap and thriving community to support it
• Ensure that you use as few plugins as necessary. To stay safe, each one will need updating regularly and if left alone, in time, could become a security threat in itself
• Install tools such as Wordfence or iTheme Security to alert you of malicious attacks as they happen. The free versions will pick up 95% of most attempts and keep a detailed log showing usernames, country of origin etc.

2. Scanning

• Install virus scanning software that indexes your website. iTheme Security does this pretty well, as do many other solutions such as Vaultpress, Sucuri or Exploit Scanner
• Run a test on Google’s Safe Browsing test. This will identify if Google detects any harmful activity or scripts on your website. If you have any SEO considerations, you’ll want this to be completely clear
• Run a test using MacAfee SiteAdvisor software. By installing a script on your browser you can run a test for your website and quickly see if it’s identified as safe or unsafe
• Consider installing Hotjar Analytics. Not only is this a fantastic analytics tool, through the use of behavioural videos, but it will also identify how the site might be being used differently.

3. Repairing and maintenance

The irony of website security is that as our clients climb search engine rankings, and perform higher in paid advertising, driving more and more visitors to their sites, they also attract the wrong attention. Hence we take website security seriously and consider it to be a subset of SEO and conversion rate optimisation.

We’ve seen the impact a malicious attack can cause on clients’ websites and developed the above approach as a response to the growing responsibility placed on website owners.