If you’ve ever had your website hacked, you’ll appreciate how scary and overwhelming it can be. When you work online being hacked is a worry that can lead to a lot of fear and stress for many business owners. So it’s incredibly important that you do everything possible to protect your website. After all, it’s one of your most important business assets.
But rather than just worrying about how safe your website, it’s far more effective if you take some action! So here’s my list of top actions you can take to help protect your site from being hacked.
Keep your site up to date
This is one of the simplest things to implement, but often the one that’s most overlooked. Your themes, WordPress installation and plugins all need updating regularly. If you don’t, you’re leaving your site open to vulnerabilities, as those updates will not only have improvements in them – they’ll also be patching any vulnerabilities within the coding.
Install a security plugin to protect your site from being hacked
Next up, install a security plugin such as Wordfence to keep your site safe. It’s just one of the WordPress plugins I recommend. Configure it to send you notifications, so you can keep an eye on your site safety. Also enable two-factor authentication and configure the number of login attempts permitted at any one time.
Use difficult to guess usernames and passwords
Using weak passwords and usernames is never a good idea. Not only does it make it easy for you to remember them – it also makes it easy for hackers to work them out! Do not use your company name, your first or last name for your username or passwords. (Someone thought they were smart and tried my first name during a brute force attack recently.) Ideally, use a password generator to create strong passwords, otherwise, create difficult to guess ones and make sure you change them regularly.
If you want to protect your site, activate 2FA for all users
Most security plugins have an option to enable two-factor authentication. It’s an additional layer of security for your site. Usually, it involves sending you a code via email, text or an authenticator app on your phone. If you use Wordfence for security, you’ll be able to set up 2FA in there.
Change these two WordPress defaults
Another way you can protect your site from being hacked is to change these two WordPress defaults:
- Remove the default admin username from your site and use another name instead. (Here’s a breakdown of how to do that.)
- Change the WordPress database prefix, as all WordPress databases start with wp_ by default. (Here’s a breakdown of how to do that.)
Make it harder for hackers to access your site with these changes
Whilst you’re changing settings, implement the following changes:
- Automatically log out idle users.
- Password protect your WordPress-admin and login pages.
- Disable Directory Indexing and Browsing.
Protect the data on your WordPress site
SSL protects your website from phishing scams and data breaches. It’s therefore essential that you move your WordPress site to a secure SSL site. This will then change the ‘http’ part of your website URL to a ‘https’ one.
Regularly backup your WordPress site
Never underestimate the importance of regularly backing up your site. It’s not just about protecting your site from being hacked, you also need to minimise the disruption caused if it is hacked. Backing up your site will help do that. Tools like Updraft make this nice and easy for you to set up an automatic backup schedule for your website.
If your site’s been hacked, it can be a little daunting implementing the advice above. But if you want to protect your site, it’s well worth taking the time to get it as secure as possible. A good WordPress maintenance plan will help keep your data safe and protect you from hackers, version incompatibilities and unwanted changes.
But it isn’t something you have to do yourself. If you often forget to update your plugins and WordPress installation, why not let someone else manage it for you! My WordPress Maintenance plan is perfect for this – you’ll find the details for it here: https://takovs.com/services/wordpress-maintenance/.