Everything else

How To Stay Secure With WordPress – The Basics


At WDL we are WordPress experts. There are many reasons why WordPress is our CMS of choice, from its ease of use and extensive plugin availability to the regular updates which help keep it safe, secure and up to date. In our initial conversations with clients, we are often asked why they should go with WordPress and naturally, a big area of concern for any website is security. This blog aims to answer the question of how secure WordPress is and what you can do to ensure your WordPress site’s security. By the end of this blog, you will grasp the basics of staying secure with WordPress and have a better understanding of why WordPress is trusted as the CMS for millions of small and large businesses across the globe.

Choose your username and password wisely

Powering a third of all websites on the internet, WordPress is by far the most popular CMS. However, such popularity makes it a prime target to attacks from around the world. With so many users and so many attackers, is WordPress up to the task of handling those attacks? Unfortunately, stats show that every year hundreds of thousands of WordPress site’s are hacked. But before you click off this blog searching for “how to build a site without WordPress” let me state that the majority of these hacks are the result of poor user passwords and usernames. So if you’re thinking of using the username “user”, “admin” or something similar, then I strongly advise you to think of something a bit less hackable (anything is better than “user”).

In a similar way, your password should be something you will remember but it also needs to be a strong password that cannot be easily guessed. A strong password contains a mix of lowercase and uppercase letters, numbers, symbols and a minimum of 8 characters (the longer the more secure). Whatever you do, do not use the same password as your personal accounts such as your Facebook, Instagram accounts. You may be thinking to yourself, “how on earth am I supposed to remember all of these complex passwords”; we recommend using a password manager such as 1Password. Password managers save you from the trouble of having to click the dreaded “forgotten password” button or writing it down on a scrap piece of paper which may get lost or find its way into the wrong hands.

Back it up with a backup

At WDL we back up all of the sites that we host twice a day. By regularly backing up your site you are able to recover from a compromised website in one or two clicks. Speak to us today if you would like to hear more about the best way to backup your site.

SSL Certification

You may or may not have heard of SSL. If you have a website or are looking to make a website then SSL is a must. Not only does SSL ensure your data is secure, but it is also beneficial for your search rankings. SSL will make your website safer for your website visitors and they will be more likely to trust you. If you look at your browser right now, do you see that small padlock? Trust me, if you manage a website in 2019 you need that padlock.

Update, update, update

The WordPress security team is made up of a group of 50 highly qualified researchers and developers. They work tirelessly to identify any WordPress vulnerabilities. Often, the security team will identify a vulnerability and release an update to fix these. Those users who update are safe from attackers exploiting such vulnerabilities, but those who do not, have statistically been proven to be far more likely to experience issues.

One of the many reasons why we love WordPress is the vast array and availability of high-quality plugins and themes. However, more plugins and themes mean more ways of hackers to get to where they want to be. Plugins that are well looked after by their developers will have regular updates which will patch any issues, keeping them free from any vulnerabilities and their users safe from hackers. But unfortunately updates can be troublesome and functionality may change, causing issues. However, by not regularly updating when these updates are released you put yourself in danger of being hacked, so we at WDL recommend checking for updates every week. If you would like some help with updating your plugins and website, then get in touch with us today.

Avoid abandoned plugins

Abandoned plugins are no good to anyone, unless you enjoy attacks on your site and all kinds of security problems (we’re not judging). If you spot a plugin that has not been updated for a long time then avoid it. It is likely that the developer is no longer managing the plugin and by using it you risk a number of security threats to your site. The best thing to do is search for a similar plugin that is being managed and regularly updated, or give us a call and we will be happy to do the best we can to suggest an alternative plugin to suit your needs.

Hosting environment and technologies

Many hosting environments use outdated technology. With only approximately a third of websites running on PHP 7 or higher, by using outdated technology you put your site at further risk to exploitation from malicious hackers. Keeping your technology and hosting environment in top condition will make your site less susceptible to any attacks and issues. At WDL we offer varied options of web hosting to suit a variety of websites. Get in touch with us today to speak more about this.

In the ever-evolving digital world, businesses and the way we operate is constantly evolving and the malicious groups and individuals who seek to gain from vulnerabilities in online systems are also ever-evolving, making it imperative that we stay one step or two steps (or more) ahead at all times. Whether you are a smaller business with a custom website or a large organisation with a completely bespoke website, the results of a breach in security will always be disastrous regardless of your organisation’s size and the complexity or simplicity of your website. No CMS is 100% secure, and WordPress is no exception, but by following the above tips your WordPress site will be far more secure than any other CMS alternative. With its constant updates and highly experienced and skilled security team, WordPress is the most secure option and the best option for you and your website.

To speak to us further about WordPress and its capabilities, or anything website/digital marketing related then get in touch with us today!