Menu Close
admin 0 Comments

5 Ways to Increase the Security of Your WordPress Website

Security-Graphic

Why online security is important to your Search Engine Rankings

WordPress is the most popular content management system on the Internet accounting for 4.5% of all websites online.  It should be expected that WordPress has also attracted the attention of hackers.  This is indeed the case as it is estimated that Justin Schuh,a security engineer at Google who has extensive experience in cyber security recently commented on a big change in the Industry.  He notes that cybercrime is attracting big business and organizations with deep pockets.

Hackers are targeting WordPress blogs and websites for a few reasons.  The first reason is to distribute viruses and malware to unsuspecting visitors and the second reason is to be integrated into a botnet.  A botnet or ‘zombie army’ is a network of computers that although their owners are unaware of it, have been set up to forward transmissions, including spam and viruses to other computers on the Internet .  Both of these activities generate a great deal of money for cybercriminals.

WordPress is the most popular open-source content management system powering 4.5% of all websites on the Internet.  A content management system is a tool that enables people to manage the content on their websites or blog.  Because of WordPress’ popularity, it would be expected that WordPress would also be the most target CMS by hackers.  Statistics show that this indeed may be the case.

As a WordPress website owner, here are 5 steps you can take to increase the security of your WordPress website.  These steps include:

  1. Change the default password

    Something as basic as changing the default password of your WordPress admin control panel can really go a long way.  You would be surprised to know the number of people who do not change their default password.  Hackers have tools to scan the Internet to look for vulnerable WordPress sites.  This entire process is automated so that there is no human intervention.  As a result, these tools can be very efficient.

  1. Change your default userID

    This second item is somewhat related to the first.  It is recommended that you also change the default password to your WordPress administrator site from ‘admin’ to something else.  I monitor all of the sites that I manage and one aspect of the service that I have really benefitted from is the report detailing log in information of failed log-ins.  The information reported include the IP address the login occurred from, the location of the IP address and userID that was used.  Interestingly enough, well over 90% of all unsuccessful login attempts use ‘admin’, the default userID  to try to access the site.

  2. Secured-Hardware

    Keep your site updated with the latest version of WordPress

    The third security measure that you can take to increase the security of your WordPress website is to update your site with the latest version of WordPress.  Every WordPress release will include updates and enhancements to the software, many of which are software updates and patches that address newly discovered security vulnerabilities.   By not updating to the latest version of WordPress, you are leaving your site vulnerable to hackers.Using an older version of WordPress is a very common vulnerability that can very easily be addressed.

While a couple of years old, a study by Saundro Gauci.  looked into updates by the top WordPress sites found in Alexa’s top 1 million websites.  Mr. Gauci’s study found:

  • 55% of the WordPress sites in the study had upgraded to the latest version of WordPress released at the time, version 3.6.1. This is 7,814 sites that looked into an update just one day after release.
  • 95% or 13,034 websites were still running a vulnerable version of WordPress 3.6 at the time of the study.
  • 74 different versions of WordPress were identified in the study.

Even though this study is almost three years old, I am sure that the author would find very similar results if the study was run today.

  1. Keep your plugins updated

    Along the same lines of ensuring that your site is running the latest version of WordPress, is keeping your plugins on your site updated. A WordPress plugin is a bit of software that can be uploaded to extend and expand the functionality of your WordPress site.

There are literally thousands of WordPress plugins available for your WordPress websites.  Many plugin developers will release periodic updates to their plugins, many of them being security updates.  Like with WordPress running most sites online, it is recommended that you update your site with the latest version of whatever plugin you are running on your site as soon it becomes available.

It is recommended that software updates be completed by a developer or somebody who knows their way around WordPress.  Sometimes, when updating a new plugin, it may crash your website rendering it useless.  While bad plugins have not been a common occurrence for me, I can say that when things happen, the situation always needs to be addressed by a programmer and they are always very unpleasant.

  1. Install a good security plugin

Secured-Laptop-LokalyzeThere are several good security plugins that are available for download.  Several are paid but there are also some very good ones available for free.  The plugin that are particularly like is Wordfence.   It is available as a free and paid plugin with the paid option offering enhanced protection over the free version.

The Wordfence security plugin continuously prevents, patrols, and protects a WordPress website against cyberattacks, hacks, and online security threats.   I is also the most downloaded WordPress security plugin.  This is because it works.

It takes a malicious hacker only a few minutes to run automated tools that can discover vulnerabilities in your WordPress website and exploit them.   Fortunately, there are simple steps that website owners can take to improve the security of their WordPress website.

Security is important to SEO

The security of a website is important to the success of the marketing campaigns driving traffic to the website, especially search engine optimization.  If a website is found by Google to be hacked or distributing malicious code, it can be flagged by Google with traffic driven away from the site.  When this happens, the site owner will have to fix the hack or remove the malicious code.  From when the site is identified as having malicious code to when it has been ‘cleared’ by Google, traffic is being directed away from the suspect site.  This translates into lost revenue for a site.  Additionally, we believe based upon our experience that rankings suffer for time after a breach.

Conclusion

If search engine rankings and traffic is important to the success of your website, security should also be important as a security breach can affect your rankings, traffic, and revenue from your site.  This blog post describes fives things you can start today to reduce the risk of a security breach.

Five simple things you can do to reduce the vulnerability of your WordPress website.  Five simple things you can start today include:

  1. Change the password to your WordPress admin section
  2. Change the userID to the admin section of your WordPress site to something other than ‘Admin’.
  3. Use only the latest version of WordPress on your site
  4. Update your plugins as updates become available
  5. Install a good security plugin such as Wordfence

It should be noted that if you are not running the latest version of WordPress on your site, it will remain vulnerable for the most part regardless of what you do.

I hope that this blog post is helpful.  Please feel free to provide your feedback and keep us in mind if you need any help with your website or digital marketing.

Leave a Reply

Your email address will not be published. Required fields are marked *

6