Bluesix Managed WordPress hosting takes care of your site for you. But if you already have hosting somewhere else, here’s how to can improve your security to keep it safe from hackers.
Updating
To keep your site safe from hackers and malware, it’s important to keep your site up to date at all times – this includes your theme, your plugins, and WordPress itself. Updates are released frequently, so depending on how many plugins you have, you may need to update weekly or monthly. It’s simple to update – just log into your admin area, and under the Dashboard menu you’ll see “Update”, then just follow the prompts. Ensure that your web host maintains an update to date server with recent versions of the stack used to serve your site (eg Linux, Apache, MySQL, PHP)
Backup
Like any software, you always want to ensure you have a recent backup. And you want to store that backup “offsite”, so if there’s a major server issue, your backup is safe. We use UpdraftPlus for all our clients, set to run daily, and send our backup file to AWS S3 for safe keeping.
Security
Prevent hackers exploiting known vulnerabilities in plugins by installing a WordPress security plugin like Wordfence. Wordfence also includes a number of other important security protections like notifying you of pending plugin updates, preventing users using simple passwords, and automatically locking out repeated failed login attempts. We recommend you also block xmlrpc.php access.
Best Practice Tips
Follow best practice, like:
- Don’t have a user account called “admin”
- Use strong, complex and unique passwords. Use a password manager.
- Only use themes and plugins that have large install counts, are regularly update and have good support.
For more information, follow WordPress’s on advice on hardening your WordPress site.