Top 6 WordPress Security Tips

If you run your website on WordPress then this post is a ‘Must Read’. Today we are going to look at the things you should be keeping a very close eye on.

Let’s not underestimate WordPress: it is an open source blogging/website platform that lets you get a website up and running very quickly, with lots of plugins and themes freely available to download.

1. Keep It Secure
We have probably spoken about this a hundred times. We suggest you make your access passwords secure. Choose a password for your admin area that is as secure as you can make it: at least 15 characters, containing a mixture of uppercase and lowercase letters, numbers and symbols. This will help protect your website against brute force password attacks.

2. Get Your User Levels Right
You will have an administration account (the one that is created initially). Use this only for website administration. You should create a user that can only do basic functions like posting content and managing posts. You have to remember that ultimately the Internet is not that safe and transmitting data using your administration account can expose you.

3. Check Your Plugins & Themes
This is where the primary security problem lies. Plugins are released as open source, often with security flaws in them (bad coding, even deliberate security weaknesses). You should have a web professional like Pebble look at these before deploying them on your website.

4. Keep It Up To Date
Sadly, this is often overlooked. There is a reason why updates are released, and you are lucky because WordPress tells you in your admin area when one is available. Have a read of the release notes to see what is changing. Updating is easy and normally takes a few minutes. Once the update is complete, check your website to make sure everything is working as it should be.

5. Disable PHP File Editing
If an attacker does manage to get into your website's admin area, disabling file editing stops them from changing your PHP files through the built-in theme and plugin editor. To ensure PHP file editing is disabled, simply add this code to your “functions.php” file:
define('DISALLOW_FILE_EDIT', true);
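To confirm the setting from tip 5 is really in effect, the added example below (our own illustration, not WordPress code) checks the text of a PHP file for the define and flags three common reasons it silently fails: typographic quotes picked up when copying from a web page, a commented-out line, or a value other than true. The function name, result labels and sample inputs are assumptions made for this example.

```python
import re

STRAIGHT = "'\""
CURLY = "\u2018\u2019\u201c\u201d"  # typographic single and double quotes
Q = f"[{STRAIGHT}{CURLY}]"

# define(<quote>DISALLOW_FILE_EDIT<quote>, <value>) with either kind of quote.
DEFINE_RE = re.compile(
    rf"(?i:define)\s*\(\s*(?P<open>{Q})DISALLOW_FILE_EDIT(?P<close>{Q})"
    rf"\s*,\s*(?P<val>[^)]+?)\s*\)"
)

def strip_php_comments(src):
    """Drop /* */ blocks and //, # line comments (naive: ignores string contents)."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(//|#).*", "", src)

def check_file_edit_setting(php_source):
    """Return 'ok', 'typographic-quotes', 'not-true' or 'missing' (hypothetical labels)."""
    match = DEFINE_RE.search(strip_php_comments(php_source))
    if match is None:
        return "missing"  # never defined, or only present inside a comment
    if match.group("open") in CURLY or match.group("close") in CURLY:
        # PHP does not treat typographic quotes as string delimiters,
        # so the real constant is never defined.
        return "typographic-quotes"
    if match.group("val").lower() != "true":
        return "not-true"  # conservative: only a literal true is accepted
    return "ok"

# Constructed sample inputs, not taken from a real site.
SAMPLES = {
    "good": "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n",
    "pasted": "<?php\ndefine(\u2018DISALLOW_FILE_EDIT\u2019, true);\n",
    "commented": "<?php\n// define('DISALLOW_FILE_EDIT', true);\n",
    "switched_off": '<?php\ndefine( "DISALLOW_FILE_EDIT", false );\n',
}

if __name__ == "__main__":
    for name, source in SAMPLES.items():
        print(f"{name}: {check_file_edit_setting(source)}")
```

To check a live site, read the contents of the file that holds the define and pass them to check_file_edit_setting.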

6. Keep It Backed Up
This is another item that is sadly overlooked. Make sure your website is backed up at all costs. If you are a business and your retail store closed down for the day you would be running around going crazy; good backups mean you can get your website back up and running quickly. At Pebble we often get asked what a good backup frequency is, and we look at it like this: if you are making changes to your website every day then use an automated backup utility on your web server to back it up daily; all other, less frequently updated websites should be backed up once per week.

We know the items above sound a bit scary, but WordPress is a great platform that some of the biggest companies in the world use, and used correctly it gives you a fantastic website.

For more information about how Pebble look after WordPress websites please telephone us on 01733 902070, email us via our contact form or direct message us on Twitter @pebbleltd.