wordpress securityIf you are not taking the proper steps, your WordPress website could be vulnerable for security issues. Like many modern software packages, WordPress is updated regularly to address new security issues that may arise. Here are key points to securing your site:

  1. Improving software security is always an ongoing concern, and to that end you should always keep up to date with the latest version of WordPress. Older versions of WordPress are not maintained with security updates.

    So, if you do not have a backup/update plan in place at the very least on a quarterly basis, then your site could potentially be hacked. This recently happened with a hosting client that I have. They use another web development firm that did not keep the WordPress theme and plugins updated. As a result, someone hacked into their WordPress login and compromised their files to redirect mobile viewers to another mobile site.

    Before updating the WordPress version, plugins and themes, make sure you backup your files first. If you encounter a plugin or theme conflict with the new version, then you will have the backup to restore the site. You can backup your MYSQL database and web files through:

    • Hosting Company (Cpanel offers Backup Wizard to backup your MYSQL database. You also should use FTP to backup your files as well).
    • WordPress backup plugins (make sure you read what all they backup. Many just backup the content – not the layout or files). Paid plugins are better than free ones.
    • Backup/Update service. MTECH provides backup/update for a small fee. Please contact us at info@mtechbd.com if you are interested in this service.
  2. Make sure your hosting company provides backup and security services. Security is not about perfectly secure systems. Such a thing is impossible to find and/or maintain. A secure server protects the privacy, integrity, and availability of the resources under the server administrator’s control. When the situation mentioned above happened, the hosting company immediately did a security probe and identified the source of the problem. They automatically changed the login information.
  3. Limited Access to the WordPress Administrator Login & Strong Passwords. Limiting the amount of people who have access to your WordPress site can help. Don’t just give anyone the User ID and Password. Be selective. Also, try not to use “admin” (the default user ID) as your main User ID if possible. Make sure your passwords are strong and not simple. WordPress features a password strength meter which is shown when changing your password in WordPress.
    Things to avoid when choosing a password:

    • Any permutation of your own real name, username, company name, or name of your website.
    • A word from a dictionary, in any language.
    • A short password.
    • Any numeric-only or alphabetic-only password (a mixture of both is best).

Security is something that is becoming more relevant every day. Make sure you, as the owner of the business or organization, are taking the proper steps to reduce the possibility of hacks and downtime on your site. If a problem arises, work with both a hosting and web developer who will fix the issues right away.

Contact Marcy Mitchell at MTECH – info@mtechbd.com – if you would like to schedule a backup/update of your site.