WordPress security hardening is an important part of any site owners duties. In general a WordPress site that is kept updated is pretty secure. However, often times just keeping the site updated isn’t enough. A process known as “WordPress Hardening” becomes more crucial as your website becomes more important to your business. The last thing you want is a mission critical website to be hacked rendering your site useless.
The most basic thing you should be doing is to make sure your passwords are secure. Gone are the days when a password could be a simple name or your child’s birth date. Passwords today need to be longer and must contain numbers, letters (both upper and lower case) and special characters. You should also change your passwords frequently. Oh and don’t make the mistake of using the same password for all of your sites and for your online banking, social media services etc. I know it’s not easy but to be secure, each and every password should be random and different. I recommend a paid password manager (like dashlane) to keep track of all of your passwords for all sites. Additionally, a mistake people often make is they create a great, random password but us “admin” as their username. Your username should also be unique (maybe even a randomly generated username).
Once you have your WordPress site updated and all of your usernames and passwords are unique and randomized you can rest assured that you have a site that will be secure to “most” of the outside world. However, that’s not a 100% guarantee that you’re safe. There can still be issues for example, hackers often use automated bots that relentlessly try username/password combinations. If allowed to remain on you site indefinably they will ultimately gain access to your site. To combat these kinds of attacks we recommend a number of plugins, ranging from a plugin that add a CAPTCHA or a “honeypot” to the login pages. There are also plugins that will block users after a certain number of failed attempts. Additionally, there are plugins that can create a Firewall around your site to block any known bad IP addresses or even blocks of IP addresses. The solution (or solutions) you should use are really up to you and how careful you want to be with your site.
Obtaining and SSL (Secure Sockets Layer) for your site is another important consideration. An SSL is a means of encrypting the data that travels between the user and the website. So when a visitor enters their credit card information on an ecommerce website, the data is converted to a random string of characters, sent over the Internet to the ecommerce website where it is converted back to the actual credit card information. The data that is being transmitted is useless to until it is converted back so even if a hacker was able to intercept the data, it won’t do him or her any good. In the past SSL’s were only used mainly for ecommerce websites but more recently have become important even on non-ecommerce sites. When logging into your WordPress admin dashboard on an SSL protected website, your username and passwords are encrypted in the same way that the credit card information is encrypted on an ecommerce site.
The bottom line the type and amount of security you should have on your site is an important consideration. As a WordPress Security Consultant, I can help you craft a plan and put it into action.