Thanks to its established large developer community and offering two Beta releases before major versions are pushed out for use on production sites, WordPress is generally kept free of bugs; if site owners remember to update!<\/p>\n
One downside to using WordPress is that since 22.8% of websites use it, it has become a prime target for hackers.<\/p>\n
For example, a bug was recently identified in WordPress and Joomla installations which would allow a hacker to run a highly resource-intensive process which would result in the server crashing and the website going down.<\/p>\n
WordPress swiftly released 3.9.2 which fixed this, however many people will still be on older versions which are still vulnerable.<\/p>\n
One of the most obvious tips is to make sure you have a fairly complex password, and not something which will be easily guessed by a potential hacker.
\nIf you think you’ll forget it, simply use a password manager such as LastPass.<\/p>\n
I regularly see WordPress sites which are heavily outdated. If you’re running an older version of WordPress, you may as well be asking to be attacked.<\/p>\n
So if you see a yellow bar\/banner at the top of the WordPress admin area, don’t delay – hit update!<\/p>\n
These not only have to potential to slow down your site, but once they become outdated, they can pose a security risk.<\/p>\n
If you spot any plugins you’re no longer using and will become outdated and forgotten about, deactivate and delete them.<\/p>\n
Plugins such as Wordfence can be great to help you implement some quick security features, such as changing the URL of the admin login from ‘\/wp-admin’ to a URL of your choice.<\/p>\n
If you’ve had a blog running for a few years or more. have a blog, it’s likely you’ll have created accounts for contributors.<\/p>\n
Additionally, developers often create test accounts within WordPress that they might have forgotten to delete afterwards, so it’s always good to double-check.<\/p>\n
You can easily restrict access to the WordPress dashboard by a specific IP address. For example, if you only want people to be able to access the dashboard at your workplace, you can find out the IP address and add it to the below code, which can be added to your .htaccess file.<\/p>\n
order deny,<\/p>\n
allow<\/p>\n
allow from YOURIPADDRESSHERE<\/p>\n
deny from all<\/p>\n
To do this, simply create a new .htaccess file within the wp-admin folder, then paste in the following code:<\/p>\n
define(‘FORCE_SSL_ADMIN’, true);<\/p>\n
Since you’re installing WordPress plugins right into your core directories, it’s important that you can trust them. If there’s a brand new plugin that has very little ratinga<\/p>\n
Always look for plugins which have had plenty of reviews.<\/p>\n
You have three options here.<\/p>\n
The first being you manually create backups of your whole hosting account (if you use cPanel\/WHM, there’s a backup tool).<\/p>\n
Alternatively, you can install a WordPress plugin such as Backup Buddy or VaultPress which makes the process as simple as possible for you.<\/p>\n
Alternatively (and my preferred option) is to use a cloud backup service such as CodeGuard, which runs nightly backups to the cloud for you.<\/p>\n
You should also consider support here. If your WordPress site does get hacked, you’ll probably want it back up and running again as soon as possible. So it’s important to choose a provider that offers 24\/7 support in case you need it.<\/p>\n","protected":false},"excerpt":{"rendered":"
Thanks to its established large developer community and offering two Beta releases before major versions are pushed out for use on production sites, WordPress is generally kept free of bugs; if site owners remember to update! One downside to using WordPress is that since 22.8% of websites use it, it has become a prime target […]<\/p>\n","protected":false},"author":913,"featured_media":3076,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[354],"tags":[],"yoast_head":"\n