How Secure is Your Website?


At the time of writing this article, just over 34% of all Websites have been built using the Free (to install) WordPress Content Management System (CMS). While it’s popularity is a given, and the trend is pointing towards more sites using WordPress, it does require a measure of on-going management.

If you have been one of the unfortunate Website owners, using WordPress, that have woken up one morning to discover (or be told), that their Website has been ‘hacked’ or taken off-line for a security breach, you will know the real ‘cost’ of being a Website owner.

The importance of Security and on-going Management of a WordPress Website can not be overstressed.

WordPress like pretty much all complex software will have bugs and associated security issues arise, especially as the platform grows and evolves, along with Internet technologies. It is not a Website development platform where you can create your new website, launch it and forget about. Doing this greatly increases your risk of having your Website compromised (hacked). It becomes a matter of when, not if.

What do I need to do? To Safeguard my WordPress Website?

Here are a few ‘best practice’ tips:

  • Never use ‘admin’ as the name of the Admin User, ever.
  • Install a Security Plugin (I use and recommend ‘Wordfence’)
  • Configure ‘2 Factor Authentication’ for your Website logins (Wordfence is good for this)
  • Install a Backup Plugin and configure it to store backups remotely (eg DropBox, Google Drive etc)
  • Keep your Website up-to-date, including WordPress itself, Plugins, and your Theme
  • Connect your Website to an ‘uptime’ monitoring service (eg Uptime Robot). You will receive an email alert should your Website go down.
  • Disable the ‘Anyone can register’ setting. Setting this will open your site to spammers registering on your site.
  • Add a ReCAPTCHA to all forms on your Website.

Following these basic guidelines, your Website will serve you well, without getting itself into trouble and reflect badly on your business.

If you feel all this is beyond your skills and / or ability, then please contact me to have a confidential discussion regarding the on-going management of your WordPress website.

(Please note that in this article I am referring to the ‘self hosted’ version of WordPress, used for the development of Websites).

Till next time, take care.

Andrew Ireland
(a.k.a. The New Age Geek)