Intro
Hackers try to destroy websites all the time. Some do it to boast to their friends… others do it for profit – they demand a ransom for you to regain access to your site. If you don’t take precautions you will get hacked. It is vital for you to have effective website security. You might have the fastest, the busiest, the prettiest website around but if it gets hacked then what? Interestingly enough, it is not difficult to keep your website secure. How to protect your website in 2022? Read on…
Choose a Good Hosting Company
Inexpensive hosting can cost you dearly in the long term. The simplest way to keep your site secure is to go with a hosting company that provides multiple layers of security. There are a number of reputable hosting providers such as BlueHost (USA), Hetzner (Germany), WordPress (USA), XNeelo (South Africa) and others. Choose a hosting company that can significantly speed up your WordPress site and offers reasonable pricing and support 24/7, 365 days a year.
Use a Good Theme
There are a number of reputable organizations offering great themes such as: Astra, Twenty Twenty-One, Twenty Twenty-Two, Neve, etc…
Don’t Use Nulled Themes
Free WordPress themes offer many features. Premium themes offer even more features. There are sites offering nulled or cracked themes. A nulled or cracked theme is a hacked version of a premium theme, available via illegal means. Those themes contain hidden malicious code, which can destroy your website and database.
WordPress Updates
By staying updated with the latest version you are helping protect your site against being a target for pre-identified loopholes and exploits hackers can use to gain access to your site.
Update:
- WordPress: update to the latest version
- theme: keep your theme up to date
- plugins: enable auto-updates
Use a Strong Password
Passwords are a very important part of website security and are often overlooked. Do not use passwords such as: ‘123456’, ‘abcdef’, ‘admin’, ‘password’. Use a complex password with a variety of letters, numbers and special characters such as % or @ or $.
Users
Malicious bots register on your website for various reasons: to look for weaknesses in your site and exploit them for further gain; to gather all of your email addresses and send spam; to steal your identity, etc…
Go to ‘Users’ and delete the ones that need deletion.
Block Comment Spam – Akismet
Akismet is a service that filters spam from comments, trackbacks, and contact form messages. The filter works by combining information about spam captured on all participating sites, and then using those spam rules to block future spam. Akismet is offered by Automattic, the company behind WordPress.com.
Google reCAPTCHA
Protect WordPress website forms from spam entries with Google reCAPTCHA. Easily apply reCAPTCHA to any page and post. There are a number of plugins offering reCAPTCHA. I use reCaptcha by BestWebSoft. This plugin passed all the tests on WP Hive Insights.
Install an Effective WordPress Security Plugin
There are a number of very good security plugins, two of the better known being Sucuri and Wordfence. I use Wordfence on various sites. Both Sucuri and Wordfence scans will examine all files on your WordPress website looking for malicious code, backdoors and shells that hackers might have installed. They also scan for known malicious URLs and known patterns of infections. These plugins automatically update for the latest firewall rules, malware signatures and malicious IPs to keep your website safe.
Sucuri is a premium plugin whereas Wordfence offers a free as well as a premium plan. The free version of Wordfence offers many useful features.
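A much-simplified illustration of the file scanning described above, added here as an example; it is not Wordfence's or Sucuri's code or rule set. The three rules, the function names and the two sample theme files are constructed for this example.

```python
import re
import tempfile
from pathlib import Path

# Illustrative rules only (assumed for this example); real scanners ship far
# larger rule sets that are updated continuously.
SIGNATURES = {
    "eval of decoded data": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request input called as a function": re.compile(
        r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]\s*\(", re.I),
    "very long base64 string literal": re.compile(r"['\"][A-Za-z0-9+/=]{500,}['\"]"),
}

# Constructed theme files; the encoded payload is just "echo 1;".
CLEAN_FILE = "<?php\nget_header();\necho esc_html( get_the_title() );\n"
TAMPERED_FILE = "<?php\nget_header();\n@eval(base64_decode('ZWNobyAxOw=='));\n"

def scan_text(source):
    """Return (line_number, rule_name) pairs for every rule that matches."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        hits += [(number, name) for name, rule in SIGNATURES.items() if rule.search(line)]
    return hits

def scan_tree(root):
    """Scan every .php file under root; return {relative_path: hits} for flagged files."""
    results = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            results[path.relative_to(root).as_posix()] = hits
    return results

def demo():
    """Write the two constructed files to a temporary folder and scan it."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text(CLEAN_FILE, encoding="utf-8")
        Path(root, "functions.php").write_text(TAMPERED_FILE, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

To check a downloaded theme before installing it, unpack it and call `scan_tree()` on the folder; a hit means the file needs a closer look, and no hits does not prove the theme is clean.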
Limit Login Attempts, Block IP Addresses, Install Two-Factor Authentication and Install Google reCAPTCHA
By default, WordPress allows users to try to log in as often as they like. This opens up the possibility of brute force attacks. By limiting the number of login attempts, users can try a limited number of times until they are temporarily blocked. You can also set the time the user is locked out for. This reduces the possibility of a brute force attempt as hackers get locked out before they can finish their attack. If you set up two-factor authentication make sure you don’t lock yourself out.
If you are using an effective security plugin such as Wordfence all these features will be provided (these features are all included in the free version of Wordfence). Install Wordfence and then go through the settings.
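How a login limiter behaves, shown as an added example (not Wordfence's code): it replays login attempts from a web server access log and reports which addresses would have been locked out and how many further guesses would have been rejected. The thresholds, the function name and the sample log are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                  # failed logins allowed inside WINDOW
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(minutes=15)   # how long the address stays blocked

# Assumption: failed login = POST /wp-login.php answered 200, success = 302.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3})\b')

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2022:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
    '203.0.113.7 - - [10/Jan/2022:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
    '198.51.100.4 - - [10/Jan/2022:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
    '203.0.113.7 - - [10/Jan/2022:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
    '203.0.113.7 - - [10/Jan/2022:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
    '203.0.113.7 - - [10/Jan/2022:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
    '198.51.100.4 - - [10/Jan/2022:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Jan/2022:10:16:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
]

def replay(lines):
    """Replay login POSTs through the limiter; return {ip: {"locked_at", "blocked"}}."""
    failures = defaultdict(deque)   # ip -> times of recent failed logins
    locked_until = {}
    report = defaultdict(lambda: {"locked_at": [], "blocked": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                # not a login attempt
        ip, status = m.group(1), m.group(3)
        now = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if now < locked_until.get(ip, now):
            report[ip]["blocked"] += 1   # rejected before any password check
            continue
        if status == "302":
            failures[ip].clear()    # successful login resets the counter
            continue
        recent = failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:
            recent.popleft()        # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            locked_until[ip] = now + LOCKOUT
            report[ip]["locked_at"].append(now.strftime("%H:%M:%S"))
            recent.clear()
    return dict(report)
```

On the sample log, the address that guesses repeatedly is locked out after its third failure, while the visitor who mistypes once and then logs in is never affected.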
Install an SSL Certificate
Google will rank your website higher on Google search if your website’s URL starts with https instead of http. Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser.
SSL is mandatory for any sites that process sensitive information, i.e. passwords, or credit card details. Without an SSL certificate all of the data between the user’s web browser and your web server are delivered in plain text. This can be read by hackers. By using SSL, the sensitive information is encrypted before it is transferred between their browser and your server, making it more difficult to read and making your site more secure.
Almost every hosting company offers a free SSL certificate which you can install on your site. A popular free plugin is Really Simple SSL by Really Simple Plugins.
Conclusion
Keeping your website safe is vital and it is not difficult. Much success with your website security.
What About You?
Are there any important additional features you use to keep your website secure? Let us know in the comments section below.