
5 WordPress Security Tips to Protect Your Website

By Gravity Forms. Published January 10, 2020

You may think your website has no appeal to hackers, but think again: On average, 30,000 websites are hacked every day, allowing cyber criminals to distribute malicious code to website visitors and obtain sensitive information from your clients and customers. WordPress now powers 34 percent of the Internet, making it one of the most popular CMS platforms, but this popularity means that hackers have had a lot of practice finding the platform’s vulnerabilities thanks to automated software and tried and tested techniques.

To keep your website from being compromised, here are five tips to combat the most common WordPress security issues, as well as the best WordPress security plugins to keep your site safe.

Choose a Strong Password and Change It Often

You may get annoyed with the complexity of some password requirements—upper and lowercase letters, numbers, a symbol, a minimum number of characters—but these requirements ensure no hacker makes the right guess when trying to access your website. Every year, SplashData compiles a list of the most common passwords, and every year the same three top the list: 123456, password, and 12345678. And the most common username? Admin.

Even if you think that having a unique password is enough, having a unique username makes your site doubly secure. With every character you add to your login credentials, the number of guesses that hackers or hacker bots have to make only increases. After all, hackers are rarely actual people; more often they are automated tools carrying out a brute force attack, a cyberattack capable of guessing various password combinations within mere moments.

In addition to choosing a strong username and password and changing your password frequently, consider a plugin like iThemes Security Pro, which features brute force protection and strong password enforcement.
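To see what automated guessing looks like from the server side, the following added example (not part of the original article) counts failed login attempts per client in a web server access log. It assumes the combined log format and WordPress's default behaviour of answering a failed POST to /wp-login.php with status 200 and a successful one with a 302 redirect; the log lines, function names and threshold are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: access log in combined format.
# IP addresses come from the documentation ranges (RFC 5737).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Jan/2020:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2020:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2020:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2020:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2020:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2020:10:03:10 +0000] "GET /wp-login.php HTTP/1.1" 200 3980 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2020:10:03:15 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2020:10:03:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Jan/2020:10:04:00 +0000] "GET /blog/ HTTP/1.1" 200 10240 "-" "Mozilla/5.0"
EOF
}

# Reads an access log on stdin and prints "ip failures" for every client
# with at least $1 failed logins (POST to /wp-login.php answered with 200).
# Fields: $1 client IP, $6 quoted method, $7 path, $9 status code.
flag_login_floods() {
    threshold=$1
    awk -v t="$threshold" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php(\?|$)/ && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= t) print ip, fails[ip] }
    ' | sort
}

# One mistyped password followed by a successful login stays below the
# threshold; five failures within five seconds do not.
sample_log | flag_login_floods 5
```

On a live server, feed the real access log to `flag_login_floods` and tune the threshold to the site's normal login traffic.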

Run Backups

Even if you have taken extra precautions to keep your site secure, you should always run regular backups. This can be a lifesaver—not only in the case of getting hacked but also if you lose data for any reason, such as while updating the site or installing a plugin.

The key to deciding how often you should back up your site is how often you make changes. If you update on a regular basis, you can use plugins like BackUpWordPress or VaultPress to back up daily or even back up your site manually. 

Limit Your Plugins and Update the Ones You Have

Although plugins can be extremely useful, having too many of them can slow down your site and even make it more vulnerable to hackers. Inactive or outdated plugins leave your site open for hackers to inject scripts with malicious code, either redirecting users or harassing them with unwanted pop-ups.

If you’ve stopped using certain plugins, get rid of them while updating the plugins you continue to use. It’s also important to be suspicious of new plugins—especially free ones, which may not offer the best security measures. 
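The cleanup described above can be turned into a repeatable audit. This added example (not from the original article) reads the CSV that WP-CLI prints for `wp plugin list --fields=name,status,update --format=csv` and emits the matching `wp plugin delete` or `wp plugin update` command for each finding; the plugin names and function names are constructed, and the commands are only printed, not executed.

```shell
#!/bin/sh
# Constructed sample of the CSV printed by:
#   wp plugin list --fields=name,status,update --format=csv
sample_plugins() {
cat <<'EOF'
name,status,update
example-forms,active,available
example-gallery,inactive,none
example-seo,active,none
example-slider,inactive,available
EOF
}

# Reads that CSV on stdin and prints one suggested WP-CLI command per finding:
#   inactive plugin             -> delete it (no point updating unused code)
#   active plugin with update   -> update it
# Other plugins (active and current, must-use, drop-ins) are left alone.
audit_plugins() {
    awk -F, 'NR > 1 {
        if ($2 == "inactive")
            print "wp plugin delete " $1
        else if ($2 == "active" && $3 == "available")
            print "wp plugin update " $1
    }'
}

# Review the printed commands before running any of them.
sample_plugins | audit_plugins
```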

Upgrade to HTTPS

An easy WordPress security measure you can take is upgrading your site to HTTPS, which encrypts the connection between the web browser and your web server, shielding the data from hackers while it is in transit.

Switching to HTTPS also protects your site from unreliable hidden scripts available on your computer system, as well as a script that is used to steal data from login forms. Simply follow this tutorial to upgrade to HTTPS.

Know What to Do If You Get Hacked

What if you follow all the right measures, update all your plugins, and still get hacked? If you can still access your WordPress dashboard, install Wordfence and run a scan. It will provide a tally of the threats it found and sound recommendations, which you can perform at the press of a button. If you’re still having issues, contact your host and see what they can do from their end. Luckily, if you ran that backup, you will at least have your data saved.

Don’t let the threat of hacking stop you from getting the most out of your website. But remember, keeping your website secure is an ongoing process. Follow these tips and resolve any bugs that seem suspicious to you, and you can be sure that cyber criminals will stay far away.

A Note About Gravity Forms and Security

Security is one of the top priorities at Gravity Forms and we are proud to be one of the most secure form builders in the industry. Along with fine-grained user permissions, anti-spam protection, file upload security, and sanitization of submitted data, we also regularly have our code reviewed by an independent auditor.

We feature automatic and background updates, so when enabled, Gravity Forms will be updated automatically without you needing to do anything on your end. Otherwise, you’ll see a notification on your WordPress dashboard to upgrade when a new release is available. Read more about our security best practices here.

