Top 6 Wordpress Security Tips

We explore how to keep your Wordpress website safe as we go into the new year.

share on facebook share on twitter share on google share on digg share on linked in share on stumble upon

If you are running your website using Wordpress then this post is a 'Must Read'. Today we are going to be looking at what you should be keeping an eye on very closely indeed.

Let's not underestimate Wordpress, it is an open source blogging/website platform that allows you to get a website up and running very quickly indeed with lots of plugins and themes freely available to download.

1. Keep It Secure
We have probably spoken about this a hundred times. We suggest you get your access passwords secure. Choose a password for your admin area that is as secure as you can, at least 15 characters containing a mixture of uppercase, lowercase, numbers and symbols. This will protect your website against brute force password attacks.

2. Get Your User Levels Right
You will have an administration account (the one that is created initially). Use this only for website administration. You should create a user that can only do basic functions like posting content and managing posts. You have to remember that ultimately the Internet is not that safe and transmitting data using your administration account can expose you.

3. Check Your Plugins & Themes
This is where the primary problem is with security. Plugins are released open source and often with security flaws in them (bad coding, even deliberate security weaknesses). You should have a web professional like Pebble look at these before deploying them on your website.

4. Keep It Up To Date
This is often overlooked sadly. There is a reason why updates are released and you are lucky because they inform you in your admin area when one is available. Have a read of the release notes to see what is changing. Updating is easy and normally takes a few minutes. Once the update is complete, check your website to make sure everything is working how it should be.

5. Disable PHP File Editing
If an attacker does manage to get into your website then if you have disabled file editing you should be all good. To ensure PHP file editing is disabled, simply add this code to your "functions.php" file:
define('DISALLOW_FILE_EDIT', true);

6. Keep It Backed Up
This is also an item that is sadly overlooked. Make sure your website is backed up at all costs. If you are a business and your retail store closed down for the day you would be running around going crazy, good backups mean you can quickly get your website back up and running quickly. At Pebble we often get asked what is a good frequency to backup and we look at it like this: If you making changes to your website everyday then use an automated backup utility on your web server to back it up daily, all other less frequent updated website should be backed up once per week.

We know these items above sound a bit scary but Wordpress is a great platform that some of the biggest companies in the world use and used correctly means you have a fantastic website.

For more information about how Pebble look after Wordpress websites please telephone us on 01733 902070, email us via our contact form or direct message us on Twitter @pebbleltd.

Useful Resources:

- Web Design Essentials
- Web Design Services
- Contact Us

Top 6 Wordpress Security Tips

Posted in Web Design by on 30 December 2014

Related Posts

Get Your Website Contact Form Converting
GET YOUR WEBSITE CONTACT FORM CONVERTING
CMS Essentials
CMS ESSENTIALS
Why is WordPress So Popular?
WHY IS WORDPRESS SO POPULAR?
Making Your Contact Page Work Harder
MAKING YOUR CONTACT PAGE WORK HARDER
Using Images On Your Website
USING IMAGES ON YOUR WEBSITE
Why does it matter where I host my website?
WHY DOES IT MATTER WHERE I HOST MY WEBSITE?

Fresh From Twitter...

Join the conversation on Twitter @pebbleltd
for all the latest news on web design, ecommerce and search engine marketing with one of the leading web design agencies in the uk

  • Pebble (Peterborough)

    26 Tesla Court
    Innovation Way
    Peterborough
    PE2 6FL

    Tel: 01733 902070

    View On Map

  • Pebble (Kings Langley)

    The Old Chapel
    69 Primrose Hill
    Kings Langley
    WD4 8HX

    Tel: 01442 505878

    View On Map

Pebble Ltd is registered in England & Wales: 06257777 and registered for VAT No: 993 3500 06

Pebble Ltd is Data Protection registered ZA122783

Top 6 Wordpress Security Tips Top 6 Wordpress Security Tips We explore how to keep your Wordpress website safe as we go into the new year.

If you are running your website using Wordpress then this post is a 'Must Read'. Today we are going to be looking at what you should be keeping an eye on very closely indeed.

Let's not underestimate Wordpress, it is an open source blogging/website platform that allows you to get a website up and running very quickly indeed with lots of plugins and themes freely available to download.

1. Keep It Secure
We have probably spoken about this a hundred times. We suggest you get your access passwords secure. Choose a password for your admin area that is as secure as you can, at least 15 characters containing a mixture of uppercase, lowercase, numbers and symbols. This will protect your website against brute force password attacks.

2. Get Your User Levels Right
You will have an administration account (the one that is created initially). Use this only for website administration. You should create a user that can only do basic functions like posting content and managing posts. You have to remember that ultimately the Internet is not that safe and transmitting data using your administration account can expose you.

3. Check Your Plugins & Themes
This is where the primary problem is with security. Plugins are released open source and often with security flaws in them (bad coding, even deliberate security weaknesses). You should have a web professional like Pebble look at these before deploying them on your website.

4. Keep It Up To Date
This is often overlooked sadly. There is a reason why updates are released and you are lucky because they inform you in your admin area when one is available. Have a read of the release notes to see what is changing. Updating is easy and normally takes a few minutes. Once the update is complete, check your website to make sure everything is working how it should be.

5. Disable PHP File Editing
If an attacker does manage to get into your website then if you have disabled file editing you should be all good. To ensure PHP file editing is disabled, simply add this code to your "functions.php" file:
define('DISALLOW_FILE_EDIT', true);

6. Keep It Backed Up
This is also an item that is sadly overlooked. Make sure your website is backed up at all costs. If you are a business and your retail store closed down for the day you would be running around going crazy, good backups mean you can quickly get your website back up and running quickly. At Pebble we often get asked what is a good frequency to backup and we look at it like this: If you making changes to your website everyday then use an automated backup utility on your web server to back it up daily, all other less frequent updated website should be backed up once per week.

We know these items above sound a bit scary but Wordpress is a great platform that some of the biggest companies in the world use and used correctly means you have a fantastic website.

For more information about how Pebble look after Wordpress websites please telephone us on 01733 902070, email us via our contact form or direct message us on Twitter @pebbleltd.

Useful Resources:

- Web Design Essentials
- Web Design Services
- Contact Us

Contact Pebble

  • Pebble Ltd (Peterborough)
    26 Tesla Court
    Innovation Way
    Peterborough
    PE2 6FL
    Tel: 01733 902070
  • Pebble Ltd (Kings Langley)
    The Old Chapel
    69 Primrose Hill
    Kings Langley
    WD4 8HX
    Tel: 01442 505878