30% of all websites are powered by a single content management system. That content management system is none other than WordPress.
Because of the staggering amount of WordPress users that are out there, we’re willing to bet that if you have a website, you are currently using WordPress or are considering migrating over to it.
In either case, here’s something that you need to know… WordPress is a fantastic system but because of its rapid adoption, hackers have focused all of their efforts on undermining it.
To make sure that you don’t fall victim to a cyber attack, we recommend adopting the following how to make a site secure that’s running WordPress best practices.
1. Enable Two-Factor Authentication
In today’s day in age, you need to have two-factor authentication enabled for everything. Period.
Two-factor authentication can single-handedly plug 90% of your website’s security holes.
Two-factor authentication is by no means a new technology. It has been around for a while but only recently has it picked up major steam as people become increasingly conscious of the threats that the internet presents.
The way that two-factor authentication works is simple. When you log into your WordPress site, you’ll receive a “one-time passkey” via an application like Google Authenticator on your phone. You’ll need to put that key in order to gain access to your website.
So, if a hacker doesn’t have your phone in hand, they’ll never be able to access your WordPress site from its login page.
2. Change Your Login Portal’s Page
In order to log into your WordPress site, you’d navigate to the “blog/wp-admin” page and put in your credentials.
Doing something as simple as changing the default login page to another extension like “blog/admin/wp-admin” can make it so hackers don’t know how to get to where they need to go to attempt to hack into your page.
Doing this is also a great way to throw off hack bots that are programmed to navigate to “blog/wp-admin” exclusively.
3. Only Grant Login Credentials to People That Need Them
We’re seeing WordPress used as the content management system of choice for large teams more and more every year.
As your team expands, you may find it necessary to give people credentials to your website’s back-end. We recommend taking caution when doing this.
Remember, every person you give access to your website represents another chance for your website to get busted into. All it takes is a single person leaving their browser window open while logged in or an irresponsible password keeper that keeps their credentials written down on a Post-it note on their desk.
One of the best compromises when it comes to this how to make a site secure tip is to ensure that you restrict access as needed for your site’s various logins.
For example, a writer for your blog’s credentials should only give them the ability to write and submit content. It shouldn’t give them access to your website’s code, structural options, and other pertinent areas.
4. Boot Idle Users
We touched on this in our last point but we’ll say it again because it’s one of the most common ways that people gain unauthorized access to sites.
When people log into your website, many will forget to log out when they step away from their system. If your website doesn’t have a protocol in place that allows you to automatically boot idle users off of your site, you’re going to run into some serious security issues.
Booting idle users is a basic feature that can be found for free in a number of WordPress security apps. “Inactive Logout” is one of our favorites.
5. Change Passwords Often
No matter how careful you are with your password, if you use it long enough, it’s eventually going to fall into the wrong hands.
In many cases, leaked passwords get bundled and sold on the DarkWeb.
The best defense you can put up to keep your password from falling into the wrong hands and being used is to change up your password every so often. Our recommendation is once every 3 months.
There are plugins available that can demand password changes from your team members at specified intervals which are worth looking into to automate this process.
6. Back Your Website Up
One of the most important how to make a site secure tips that we can offer you is to ensure that you always back your website up. This can be done automatically with tools like Backup Buddy or via a number of other plugins/3rd party services.
We’ve seen people who were meticulous about security fall victim to cyber attacks. Those attacks went on to completely ravage their websites beyond repair.
The only thing that kept those people and their teams from spending thousands of dollars to rebuild is the fact that they kept regular site backups on an external cloud drive.
Do the same.
Back up your site at least bi-weekly and keep your site’s image in a safe place (preferably two safe places).
You never know when you might need it.
Wrapping Up How to Make a Site Secure That’s Running WordPress
A person who never wonders how to make a site secure is a person that is almost certainly going to have their site attacked by cybercriminals. By asking that question and reading this article, you are way ahead of the game.
Take our advice. Be proactive. Get your WordPress site locked down and secured today!
Need more tech advice? No problem!
We post new content every week that you can read right now for free!