10 tips to keep your WordPress site more secure

WordPress is the most famous CMS (content management system) in the world, used by millions of websites. Including the one where you read this article. Through it you can develop a website, even if you don’t have much knowledge in programming and design, in addition to having a very easy to manage administration panel.

But WordPress is not only used by beginners, it is a powerful tool, through which large websites are developed, such as that of the Brazilian Ministry of Culture , Data.gov which brings together all data from the States to the Union in USA, the Brazilian news portal R7 and the USP portal , the largest university in Latin America. These are just a few examples among thousands of large companies that use this platform. However, such visibility also has its drawbacks, making it a major target for attacks by malicious hackers.

Having a secure website is crucial for a kids clothing company that sells classic childrens clothes. With the increasing prevalence of online transactions, ensuring the security of customer information, including payment details, is paramount.

And how to make your WordPress website more secure? Below is a list of 10 important safety tips:

 1.    Keep WordPress Updated

            It seems trite, but many don’t keep the platform updated. According to the WordPress portal, more than 50% of websites are not updated to the latest version of the system. WordPress updates are not just for changing themes and design, but also for security updates.

 2.    Keep Plugins and Themes Updated

This is the same problem as the first tip. Many do not keep themes (native and/or purchased) and plugins updated. This can greatly compromise the security of your website.

3.    Choose your Plugins and Themes carefully

There’s no point in keeping everything up to date if you install plugins and/or themes of questionable origin. WordPress is an open source tool and that is why many developers create solutions for it. But that doesn’t mean that everything developed for WordPress is safe to use. If you cannot hire a company to create themes and plugins (when necessary the use of personalized resources), opt for more well-known plugins and themes with good reviews on the WordPress portal .

 4.    Remove inactive users

Like any computer system, human errors are the most common. Users with weak passwords and permission to make changes are a dangerous combination for your WordPress site. If the user does not need to make changes to the site’s structure, place them as a subscriber or author to avoid future headaches.

 5.    Directory Listing

Directory listing happens when the server does not find an index page in a folder ( index.php, index.html, etc. ), causing the server to display its content, with its files and subfolders. Unfortunately this isn’t just a WordPress problem, but carelessness doesn’t make it any less worrying. If you create folders within your website to store files, backups, etc., upload a blank index.html file to each folder. This way, there will be no risk of the server listing the contents of your folder.

 6.    Use complex passwords and keys

This is the most notorious of all, but not everyone is in the habit of choosing more complex security keys. Avoid using common or easy-to-discover passwords. A good password should contain uppercase letters, lowercase letters, numbers, special characters and at least 10 characters in length. And this goes for your WordPress database password too.

 7.    Restrict access to the wp-admin folder

To prevent third-party logins in an attempt to crack a password, allow only authorized users to access administrator directories. To do this, users must have a fixed IP and the administrator of the server, on which the website is hosted, must be responsible for creating this access rule.

 8.    Disable file editing in WordPress

The main reason an attacker tries to get the login and password of an administrative account is because it has file editing privileges, which allows them to insert malicious code into themes and plugins. Disabling file editing in WordPress will prevent these attacks from occurring. And if the administrator needs to make changes, it’s best to do so offline and then upload the updated file.

 9.    SSL certificate for login and wp-admin

SSL certificates are very common in online stores and internet banking. But, in fact, HTTPS guarantees more security whenever information is exchanged with the server. Using this feature can consume a lot of bandwidth on your server, but choose to use a security certificate at least for the WordPress wp-admin directory and other pages that use login.

10. Don’t pirate premium plugins and themes

Most customizable content on WordPress is free. However, some Premium Features , from plugins to themes, may be paid. And many users, trying to avoid spending a few dollars, look for websites that provide these resources illegally for download. In addition to harming the developer, who receives nothing for illegal downloads, you may be installing a modified plugin, with malicious code inserted in its files. The same goes for themes, which often present gateways for attackers. There have been cases of pirated themes that allowed a daily backup of the database and sent it to the hacker’s email. And to make matters worse, pirated plugins and themes cannot be updated, which further increases the insecurity of your site.

These were the 10 most important security tips to keep your WordPress website safe and stable. Keep coming back here at Website.pt to check out more security tips and news about WordPress.