Because WordPress is an open source platform – meaning that it’s continually under development as users share ways to improve the software – it can contain more potentially vulnerable areas than static HTML sites.
When a WordPress website is hacked, the problem could usually have been avoided if preventative measures had been taken from the beginning. But even if you do all the right things, your site can still get hacked through out-of-date plugins, themes or WordPress itself.
Following are several measures you can take to keep your WordPress site secure and maintained:
- Keep your WordPress version up-to-date. Using older versions of WordPress can make your site vulnerable. Important Note: Before you update WordPress or any of your plugins, make sure that you back up both your website files and your database first – just in case something goes wrong during the update, you will have a backup to restore from!
- Update your plugins on a regular basis. Be sure to research new plugins before you install them; look at how many people have downloaded each one, what others have to say about it, and when it was last updated. Using a poorly-designed or out-of-date plugin is just inviting hackers in the back door of your website. Whether you are installing a new plugin or updating an existing one, make sure it is compatible with the WordPress version you have installed.
- Delete all inactive and unused plugins.
- Tighten up the security features in your “Settings” section. For example, turn off comments or limit the length of time users can comment on your posts, and don’t allow open registration.
- Change your username from WordPress’ default “admin” username.
- Make sure your passwords are secure. Yes, it is easier to remember your pet’s name and use the same password for all of your accounts – but don’t. Use a password generator – if it’s difficult for you to remember, it will be more difficult to hack.
- Back up your site frequently, and don’t store the backups on your site itself. That way, if your site does get hacked, you can get it up and running again quickly.
- Consider using a service that scans your site for trouble spots before it goes down. Sucuri Security is a monitoring & malware cleanup service that helps keep WordPress websites clean & secure.
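
The backup-before-update and off-site backup items above can be scripted. The following is an added example, not part of the original article: it assumes WP-CLI (`wp`) is installed for the database export and the updates, and the function names and paths are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: back up files and database off the web root, then update.
# Assumes WP-CLI (`wp`) is installed for the database export and the updates.

# Succeeds when directory $2 is $1 itself or lies anywhere below it.
is_inside() {
    local parent child
    parent=$(cd "$1" && pwd -P) || return 2
    child=$(cd "$2" && pwd -P) || return 2
    case "$child/" in
        "$parent"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Archive the site's files into an existing directory outside the site.
# Prints the archive path on success.
backup_files() {
    local site=$1 dest=$2 archive
    [ -d "$site" ] && [ -d "$dest" ] || { echo "missing directory" >&2; return 1; }
    if is_inside "$site" "$dest"; then
        echo "refusing: $dest is inside the site at $site" >&2
        return 1
    fi
    archive="$dest/files-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" -C "$site" . || return 1
    echo "$archive"
}

# Export the database with WP-CLI next to the file archive.
backup_db() {
    local site=$1 dest=$2
    command -v wp >/dev/null 2>&1 || { echo "wp (WP-CLI) not found" >&2; return 1; }
    wp --path="$site" db export "$dest/db-$(date +%Y%m%d-%H%M%S).sql"
}

# Update core and plugins only after both backups have succeeded.
update_site() {
    local site=$1 dest=$2
    backup_files "$site" "$dest" >/dev/null || return 1
    backup_db "$site" "$dest" || return 1
    wp --path="$site" core update && wp --path="$site" plugin update --all
}

# Usage: ./safe-update.sh /var/www/example /mnt/backups/example  (constructed paths)
if [ "$#" -eq 2 ]; then update_site "$1" "$2"; fi
```

The backup directory must already exist and sit outside the site directory; a backup kept under the web root is lost or exposed along with the site if it is compromised.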