WordPress is the most widely used CMS in the world, with current usage now reaching 26.4% and a 59.4% market share. Its popularity has led thousands of designers and developers to choose it as their platform for rich, dynamic websites, and that also makes it a worthwhile target for hackers.
No website is ever safe, big or small, and a hacker will make it through if they think it’s worth their while. Fairly or unfairly, WordPress seems to have picked up an unwanted reputation for not being safe, but steps can be taken to make it as secure as you possibly can, building trust and reliability for your clients.
Here are some top tips to help you tighten up your WordPress install:
Only use tried and tested secure plugins and themes
There are thousands of plugins in the WordPress repository and a lot of them provide the same functionality. Because WordPress is open source, there are plenty of third-party developers trying to make a quick buck by having their plugin downloaded and installed, but you have no way of knowing if there is a security flaw in their code. These plugins will have minimal or no support, so it’s important that you do your research on a plugin before purchasing it or installing it on your WordPress site.
Always use a plugin that offers good commercial support and is regularly updated. You will be able to tell when searching for a plugin how many downloads it has had and when it was last updated. Should anything not function as expected, you will be well supported by the plugin developer.
Install the latest WordPress updates
WordPress has a vast team supporting the platform and security issues are spotted very quickly, therefore prompting updates to the core system on a regular basis. You should always make sure your WordPress install is running the latest version if you want to make it harder for a hacker to compromise. After a core update always check your website to make sure it is still functioning as expected.
Use strong passwords
Never use a password like 123456! Keep your admin area and database passwords as secure as possible by using longer strings that include capital letters, numbers and special characters, e.g. Gr34tWork@!$£.
Change your database table prefix
A typical WordPress install will always create its database tables with the prefix wp_. When hackers send out automated SQL injections, their scripts assume the default table prefix. The easiest way to change it is to edit the $table_prefix line in your wp-config.php file to something obscure, then go into the phpMyAdmin control panel and rename your database tables to match. It adds to the process, but it’s another layer of defence against a potential attack.
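An added example (not from the original article) of the rename step above for a single-site install: it generates the SQL to rename the tables and to update the prefix-named rows WordPress keeps in the options and usermeta tables, which a table rename alone leaves behind. The table list, the new prefix k7q_ and the function name are constructed for illustration.

```python
import re

# Constructed sample input: table names as a single-site install might list them.
SAMPLE_TABLES = ["wp_options", "wp_posts", "wp_usermeta", "wp_users", "backup_2020"]

_SAFE = re.compile(r"[A-Za-z0-9_]+")  # WordPress accepts only these in a prefix


def prefix_migration_sql(tables, old, new):
    """Return the SQL statements that move an install from prefix old to new."""
    for name in (old, new, *tables):
        if not _SAFE.fullmatch(name):
            raise ValueError(f"unexpected characters in {name!r}")
    if new == old:
        raise ValueError("new prefix is the same as the old one")
    ours = [t for t in tables if t.startswith(old)]  # leave unrelated tables alone
    for required in (old + "options", old + "usermeta"):
        if required not in ours:
            raise ValueError(f"expected table {required} not found")
    stmts = [f"RENAME TABLE `{t}` TO `{new}{t[len(old):]}`;" for t in ours]
    # The roles option is named after the prefix; if it keeps the old name,
    # WordPress finds no roles and administrators lose access to the dashboard.
    stmts.append(
        f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
        f"WHERE option_name = '{old}user_roles';"
    )
    # Per-user keys such as <prefix>capabilities live in usermeta. '_' is a
    # single-character wildcard in LIKE, so it is escaped to match literally.
    pattern = old.replace("_", "\\_") + "%"
    stmts.append(
        f"UPDATE `{new}usermeta` SET meta_key = "
        f"CONCAT('{new}', SUBSTRING(meta_key, {len(old) + 1})) "
        f"WHERE meta_key LIKE '{pattern}';"
    )
    return stmts


if __name__ == "__main__":
    print("\n".join(prefix_migration_sql(SAMPLE_TABLES, "wp_", "k7q_")))
```

Try the generated statements on a backup copy of the database first, and change $table_prefix in wp-config.php in the same maintenance window so the site never looks for tables under the old names.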
Use security plugins or software
Using a security plugin can help protect your website from the most common attacks. One of the most popular is Wordfence, which can detect malicious changes to your website code and other common exploits. Don’t rely solely on these, as they don’t cover everything, but they do add another layer of security.
WordPress probably does attract more attention from hackers and spammers than any other CMS, but that’s not because the system is poorly designed.
At Project 64 we go to great lengths to make sure we are producing a website that is stable and secure. Because of our bespoke approach to web design and development, we make sure we only use the most widely used and secure plugins to perform certain functionality. Couple this with our preferred WordPress-only hosting solution and we have a product that is secure, fast and reliable for our clients.