In this day and age, your business website needs safeguards in place to protect against cyber attacks. Though our managed WordPress hosting customers benefit from several security measures, many web hosting providers don't offer any mitigation against website hacks/data loss. No matter which web host you use, we'll share with you 5 easy steps to secure WordPress and protect from hackers. These should be easy to implement and won't involve any coding.
Only Big Companies Need to Secure WordPress and Protect from Hackers, Right?
Wrong. Indeed, the public does see headlines about their personal data being dumped on the dark web from a big corporate hack every year or so. Yahoo, Sony, and Equifax are some of the (in)famous data breaches you may have heard of. But if you think only enterprise businesses are in a hacker's crosshairs, you're being misled. Without mitigation, you may be choosing to put your business (and customers) at risk.
1. Install a WordPress Security Plugin like Wordfence
Use a security plugin for WordPress, like Wordfence or iThemes Security, to shut down the most common attack vectors without much setup. Many critically important features are included even with the free version of Wordfence. When you visit the Wordfence Options tab inside the Dashboard, you can customize the thoroughness of scans and log keeping. Within just minutes, you will enjoy significantly greater protection.
2. Take Regular Backups of Your WordPress Site
Creating backups is important, not only in the event of an infection you can't clean, but also in case your website breaks (e.g. after a bad update). We recommend a regular schedule of weekly or monthly WordPress backups by default. If you need to run a different backup schedule, you might want to factor in the following:
- How much traffic your website receives
- How often you add or update content
- How often you update your theme & plugins
- How much disk space your site uses
Luckily, there is no shortage of both free and premium backup tools, so you only need to be aware of what's needed as a minimum. A complete WordPress backup consists of two parts: the site files (the standard PHP files, images, etc.) and the database (a specially exported .sql file). You need both parts to have a working backup. If you try to restore an old backup without the database, your backup is worthless.
We recommend UpdraftPlus or Duplicator to create a restore point or snapshot. The backups can be stored on your web host or externally in Google Drive, Dropbox, or AWS. If you're a Cyberia Technologies hosting customer, you're already benefiting from server-side automatic backups, meaning there is no need for a third-party solution. Server-side WordPress backups can be restored by logging into the control panel.
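If you'd like to confirm that an archive really holds both parts before you ever need it, the Python script below checks for the site files, a database dump, and the core tables under whatever table prefix wp-config.php declares. It is an added example, not code from any backup plugin; it assumes the backup is a single .zip containing the files and a .sql dump, and the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Core tables present in every WordPress install (names without the prefix).
CORE_TABLES = ("options", "posts", "users")

def check_backup(archive) -> dict:
    """Report whether a backup zip (path or file object) holds both parts."""
    with zipfile.ZipFile(archive) as zf:
        names = zf.namelist()
        config = next((n for n in names if n.endswith("wp-config.php")), None)
        dumps = [n for n in names if n.lower().endswith(".sql")]
        has_content = any("wp-content/" in n for n in names)
        prefix = None
        if config:
            # Read the table prefix from the config so custom prefixes work.
            text = zf.read(config).decode("utf-8", "replace")
            m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]+)['\"]", text)
            prefix = m.group(1) if m else None
        tables = set()
        for dump in dumps:
            sql = zf.read(dump).decode("utf-8", "replace")
            tables.update(re.findall(
                r"CREATE TABLE(?: IF NOT EXISTS)?\s+`?(\w+)`?", sql, re.I))
    files_ok = config is not None and has_content
    database_ok = bool(dumps) and bool(tables)
    missing = [prefix + t for t in CORE_TABLES
               if prefix and prefix + t not in tables]
    return {"files": files_ok, "database": database_ok, "prefix": prefix,
            "missing_tables": missing,
            "restorable": files_ok and database_ok
                          and prefix is not None and not missing}

def sample_backup(with_database=True) -> io.BytesIO:
    """Constructed sample archive, not output from any real backup plugin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wp-config.php", "<?php\n$table_prefix = 'w2ZbEq_';\n")
        zf.writestr("wp-content/uploads/logo.png", b"\x89PNG")
        if with_database:
            zf.writestr("database.sql", "".join(
                f"CREATE TABLE `w2ZbEq_{t}` (id INT);\n" for t in CORE_TABLES))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(check_backup(sample_backup()))
    print(check_backup(sample_backup(with_database=False)))
```

To check a real backup, pass the path of your own .zip to `check_backup` in place of the sample archive.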
3. Sign Up for a Cloudflare Plan (it's FREE)
Cloudflare is a DNS (Domain Name System) provider built on a philosophy of security and speed. The free plan from Cloudflare even includes DDoS protection, a global content delivery network (CDN), zero-trust access protection for 5 users, and more.
4. Personalize Your WordPress Login Slug
It's well known by the WordPress community that you can visit the default login page for any WordPress site by going to www.thewebsite.com/wp-login.php. Given how popular WordPress is, this means anyone can try to gain entry to your website through this very predictable login slug. Changing it to something unique enough that an outsider can't guess will remove this potential attack vector.
5. Randomize Your WordPress Database Prefix
By default, all WordPress database tables start with "wp_" as a prefix, meaning any hacker can easily predict your database structure. SQL injection and other attacks on the database become much easier from that point onward. Use a tool to customize your WordPress table prefix to something completely unique/random, e.g. "w2ZbEq_". If you're a Cyberia Technologies customer, you can randomize the database prefix via the 1-click security tab in WordPress Toolkit. Otherwise, you can search for a plugin in the WordPress repository to do this automatically.
Your business and your customers rely on the safety and security of your website. Although none of the above 5 steps will guarantee you won't be hacked, you'll avoid becoming low-hanging fruit for hackers. Since most small businesses don't recover from security breaches, it's worth it to review our 5 easy steps to secure WordPress and protect from hackers every so often.