WordPress Security Tips

Website security is probably not something most people think about until they are hacked or are bombarded daily by comments written by automated programs (bots). But it is something you should consider. Here are a few easy things you can do to harden your site so that it is not an easy target.

Make Sure Your Computer is Clean

You may be inadvertently handing your keys to ne’er-do-wells just by logging in if your computer has been infected by malware, spyware or a virus.

Your computer may already have a basic virus detection and removal program, but using an additional program like Kaspersky (paid), Avast (free) or AVG (free) gives you better protection.

To counter spyware infections we suggest using Spybot. To hunt down malware we suggest Malwarebytes.

Use a Strong Password

“Password” is the worst password to have. Don’t use it.

Here are some ways to make a better password:

  • Use the “Schneier Scheme”: take a favorite sentence or phrase and reduce it down to an acronymic password.

    For Example:

    “Children of the Night, what music they make” can become CotN1ght,wMtM

    “‘Cause this is thriller, thriller night And no one’s gonna save you from the beast about to strike” can be made into CtiT4ri11er,Tn&no1Gs@veuftBatS

  • The alternative is to create a password composed of unmemorable alphanumeric characters (one random password generator can be found here). Because it is essentially gibberish, you might want to use a password manager like LastPass to remember these kinds of passwords. Some other password managers are reviewed here.
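
The random-password alternative above can also be generated locally instead of on a website. This is an added example, not part of the original article: the function names, the 20-character default and the 12-character minimum are assumptions chosen for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 alphanumeric characters


def generate_password(length: int = 20) -> str:
    """Return a random alphanumeric password drawn from the OS CSPRNG."""
    # Assumed minimum for this example; shorter random strings are
    # much cheaper to brute-force.
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        # secrets.choice uses the operating system's secure random source,
        # unlike the random module, which is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw until lower case, upper case and a digit are all present,
        # since many login forms insist on all three.
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"(about {entropy_bits(len(pw)):.0f} bits)")
```

Store the result in your password manager rather than trying to memorize it.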

Keep WordPress, Your Theme and Plugins Updated

My LinkedIn feed recently had a post by a friend of a friend who recently updated his 5-year-old version of WordPress. Don’t be that guy. Most updates contain bug fixes that will prevent people from exploiting your site. The same goes for your theme and plugins. Remember to back up your database and files before updating anything so that if something does go wrong, you can set it right.

Want to Get Really Serious?

If you want to take the extra step and further fortify your site against potential attackers, Tiki2 is happy to offer security services for your WordPress site. We cannot guarantee 100% security for your site — it would be impossible and anyone who claims otherwise is a liar. We can fortify your site with proven, sensible methods to make it more trouble than it is worth to hack your website. The process takes between one and three hours depending on the complexity and current state of your site. Give us a call at 512.554.8712 or contact us to see what we can do for you and your site.

