So far in this series on WordPress website security we’ve explained the increase in WordPress hacking and how to discover if you’ve been hacked. We’ve also shared with you the importance of backing up your WP website, allowing you to recover if you should be so unfortunate as to be the target of hackers. In this post, we’re going to share some important steps you can take – on-site and on your machine – to make your website as secure as possible.

As always, DO NOT let yourself think, “It won’t happen to me.” Probably 95% of the WP sites that have been hacked were run by people who thought the same thing. Don’t fall into this false sense of security.

Tips to keep your WordPress website secure

If you take care of your website, it will take care of you. To begin caring for your WordPress website, follow these simple steps:

#1. Secure things online:

    1. Update WordPress as soon as an update is published
    2. Update all plugins as soon as an update is published
      • Not only will the updates to WordPress and your plugins include new features, they are also pushed out with security patches to cover known vulnerabilities.
    3. Change your default username – do NOT use admin
      • The username “admin” is the most common username that hackers attack.
    4. Choose a new – more secure – password
      • The most common passwords – your child’s name or birth date, the word “password,” or the numerals “1234” – are also the least secure and the most commonly hacked. To check the strength of your new password, use the Microsoft Password Checker. It’s FREE.
    5. Delete inactive, unused plugins
    6. Delete inactive, unused themes
      • Since you’re not using these plugins and themes, it is unlikely you will update them regularly. This can make you vulnerable to a hacking attack, leaving one more door open to potential hackers.
    7. Delete all default posts and comments, for example the “Hello world!” post that comes standard with all new WordPress sites.
    8. Remove the “Powered by WordPress” footer
      • Nothing says “I’m a newbie to WordPress, please hack me,” like leaving these telltale defaults up on your site.
    9. Install a security plugin, such as the “Limit login attempts” plugin: http://wordpress.org/extend/plugins/limit-login-attempts/.
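
Several items in the list above can be checked mechanically. The following is an added example, not part of the original post: it reads the JSON printed by WP-CLI's `wp plugin list`, `wp theme list` and `wp user list` commands (WP-CLI is assumed to be installed; the sample data and the `audit` function name are constructed here) and reports which of steps 2, 3, 5 and 6 still need attention.

```python
"""Audit WP-CLI inventory JSON against the checklist above (added example).

Assumed inputs, captured in the site root with WP-CLI:
    wp plugin list --format=json
    wp theme list --format=json
    wp user list --fields=user_login,roles --format=json
"""
import json

# Constructed sample output, not taken from a real site.
PLUGINS = """[
 {"name": "akismet", "status": "active", "update": "available", "version": "1.0"},
 {"name": "hello", "status": "inactive", "update": "none", "version": "1.0"},
 {"name": "limit-login-attempts", "status": "active", "update": "none", "version": "1.0"}
]"""
THEMES = """[
 {"name": "twentytwelve", "status": "active", "update": "none", "version": "1.0"},
 {"name": "twentyeleven", "status": "inactive", "update": "available", "version": "1.0"}
]"""
USERS = """[
 {"user_login": "admin", "roles": "administrator"},
 {"user_login": "jsmith", "roles": "editor"}
]"""


def audit(plugins_json, themes_json, users_json):
    """Return sorted (checklist_step, finding) tuples; empty list means clean."""
    findings = []
    for kind, raw, delete_step in (("plugin", plugins_json, 5), ("theme", themes_json, 6)):
        for item in json.loads(raw):
            # Step 2 names plugins; themes are checked the same way here.
            if item.get("update") == "available":
                findings.append((2, f"{kind} '{item['name']}' has a pending update"))
            # Steps 5-6: inactive items tend to miss updates, so delete them.
            if item.get("status") == "inactive":
                findings.append((delete_step, f"{kind} '{item['name']}' is inactive: delete it"))
    for user in json.loads(users_json):
        # Step 3: flag the default login name, in any letter case.
        if user["user_login"].lower() == "admin":
            findings.append((3, f"login '{user['user_login']}' is the default name: replace it"))
    return sorted(findings)


if __name__ == "__main__":
    for step, finding in audit(PLUGINS, THEMES, USERS):
        print(f"step {step}: {finding}")
```

Run it on a schedule and treat any output as a to-do list; an empty result means none of the four checked steps is outstanding.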

#2. Secure things on your computer:

    1. Virus protection for your computer is vital to your online security. Make sure it is up-to-date and that it is actually running as you work.
    2. Update your browser for increased security.
    3. Update your computer’s operating system to ensure it is running the latest version – with the latest security patches.

Updates are critical to the security of your digital environment. You simply cannot afford to ignore them, since virtually every update you receive will include a security fix, or patch. This includes your personal computer, servers, and your website. If you stay up-to-date on all updates, you can make it nearly impossible for a hacker to take down your WordPress website.