If you’ve built a website using WordPress or are managing it, security is a real issue.
WordPress is the most-wildly used Content Management Software for webservers but this brings risks as most, if not all, of the WordPress files have been dissected carefully – all you need to do is download the package from www.wordpress.org and take a look for yourself.
Can it be made secure, even if all the back-doors are known? To be honest, back-doors are very rare in WordPress, otherwise it wouldn’t be a sensible choice. It’s the front door approach that should concern a WordPress admin.
admin – there’s the first issue. The default administrator login for WordPress is ‘admin’ and everyone probably known that. You don’t have to choose admin, so make it something else. That will remove 80% or more of attempts to gain admin access.
Next, create a non-admin account for yourself. Use this account for site content so you don’t disclose your admin login.
There are some plug-ins that wil help protect your site. My ones of choice include Wordfence, Updraft plus a few to manage Page Not Found and Captcha.
Wordfence – this is a security/network logger, a firewall, cache, and much more. It can stop brute-force hacking attempts, instigate network directed blocking, enforce strong passwords etc. In short it keeps your site safe.
Updraft Plus – Backing up a site is more than just a sensible idea, if something goes wrong you would want to restore the site to a previous state instead of rebuilding it from scratch.
404 – This is the ‘Page Not Found’ error. By catching these errors you can prevent unauthorised page views.
Captcha – Rogue or spam comments are plentiful on WordPress sites, most are submitted automatically by bots. You can stop the bots by using a Captcha to prove that your site visitor is a human.
Put the right security systems in place, including backup, and you’ll have a safer more secure site. That gives you more time to concentrate on the design and content.