Keep Hackers Away
Every decision you make about website needs to consider the question, “How will this affect the security of my site?”
Web security is built in steps with the point of each layer to make it a little more difficult for hackers to get in. Our goal is to put up just enough steps so that they give up and move on to a site with fewer layers.
What is WordPress Security?
Many website owners think that WordPress security is a plugin they install or a service they buy. It is much more than that. Security is a mindset, it’s not a specific thing. It is something you should think about in every decision you make about your website.
- Want a new theme? What is the theme developers reputation security-wise?
- Want to add a new plugin in? How secure is it? Have there been any vulnerabilities reported in it?
- Want to hire a new contractor? What do others have to say about their work? Is their code secure?
These are the steps to security:
- The first step is a network firewall
- Your application firewall (in WordPress, this is usually a plugin)
- Strong passwords
- 2 factor authentication
- Moving your wp-admin directory to a different name
- Not using the login name “admin”, or your business name
- Disable XML-RPC
- And finally, set up reminders to update your website’s plugins reqularly
None of these things by themselves are going to make your site secure but all of them together will make your site secure so that hackers move on to a site with less security. Another good news is that you can nowadays easily secure your website by hosting your website with a high-quality hosting partner that commits to security.
I haven’t included having an SSL certificate (https:) for your site as these days its something you should do when you set up any and every website. They improve your security and your search engine ranking and they are now free.