If you’re a WordPress site owner, you’re a prime target for hackers.
That’s not just my opinion. There are more than a few statistics that make that clear. The popular WP security plugin, Wordfence, reports an incredible 90,000 attacks on WordPress websites every single minute. Another security platform, Securi, produced a report in 2018 based on an analysis of more than 18,000 hacked sites that revealed 90% of these sites were running on WordPress. And last year, close to a million WP sites were attacked in a single month by the same malicious actor.
You get the picture. Hackers have gotten a taste for going after WP sites, believing them to be easy prey. But the truth is, in a lot of cases, site owners make them an easy target. There is A LOT you can do to beef up your site security to prevent your site from being just another number added to the stats above. And in this article, we’re going to help set you on the right path.
We spoke to a whole bunch of WordPress experts and asked them the million-dollar question: How do you secure a WordPress website? Each provided one piece of advice and we ended up with a checklist of sorts to help make your site a tightly-run ship.
So dig out a notebook, grab a coffee and let’s get started.
How to Secure Your WordPress Site Quickly
As part of our research when putting together this article we also conducted a couple of polls asking 50 WordPress pros two questions. The first of these was “Name your 3 favorite quick-wins that bolster WP security with relatively little effort?”
We wanted to provide you with an understanding of the steps that are easy to implement, but that have a big impact on strengthening your site security. So if you’re pushed for time, these are the things that are going to give you the most protection for time invested.
In the chart below, you can see which items were mentioned most frequently.
As you can see, the top three suggestions are all very straightforward and don’t take any special preparation or skills to implement. These are:
- Keep everything updated (this includes the WP Core, your templates and plugins). You also want to keep an eye on the PHP version your site is running on and keep that up to date too.
- Install a security plugin. There are several good ones to choose from, many of which have a free version that gives you a good amount of protection without spending a dime. And even the premium versions are often very affordable.
- Use secure passwords. This isn’t rocket-science. The weaker your password, the easier it is for a hacker to gain access to your site. So do yourself a favor and make their job as hard as you possibly can by using complex, secure passwords.
So if you only have very little time to try and figure this security thing out, make these three things your top priorities. If you have a bit more time, look into the other steps outlined on the chart. This will go a long way to helping make your site more secure.
The Biggest Security Mistakes WP Site Owners Make
The second poll was simple. We wanted to know which WordPress security errors the pros see WP site owners making most frequently. Because if you can avoid these, it’ll go a long way to ensuring your site is not as vulnerable to attempted attacks.
And wouldn’t you know it. There are lots of similarities between the two charts. Not keeping software updated to the latest versions and using weak passwords were by far the most popular answers in this poll. And both of these mistakes are so, so easy to remedy.
If your site did fall victim to an attack, it’s extremely likely that one of these bad practices on the chart above would be to blame. Use this as a checklist of the absolute fundamentals that you need to have in place to prevent your site’s defences from being breached.