In a recent survey it was recorded that WordPress is now supporting 26.5% of all websites. With such a big market share it understandably has a huge target on its back for hackers and spammers. Over the last 12 – 18 months WordPress security and best practice have been talked about more and more.

If you are an owner of a WordPress website then it is likely your site is at risk of an attack.  New vulnerabilities are being discovered and keeping up to date with everything is a job in itself. In this post we will look at some website security best practice and how this can be used to help secure your site from these types of attacks.

The risks associated with your site are not always obvious, and it’s good to attempt to identify any weaknesses. So what do you think the biggest risk is? Well, we can tell you that WordPress plugins account for 52% of security vulnerabilities. The WordPress core accounts for 37% and themes approximately 11%. In two separate surveys WordPress plugins accounted for 52 – 55% of the security issues found within the survey sites.

There has also been some research into WordPress versions and the vulnerabilities associated with each. It was noted that WordPress 3.8.1 and 3.7.1 collectively have the most security weaknesses.

Implementing a successful WordPress security strategy in 2017

We see new security threats on a daily basis, and there are more than you ever imagined. There is no specific pattern, sequence or timing to when they show their faces, so keeping your WordPress website secure can be challenging. We understand and are realistic in that you can never 100% prevent these things from happening. However, by implementing good, industry-standard security practices you give yourself a better chance of protecting your website.

Here are 3 things you can do to improve your website security.

WordPress & Plugin Updates

WordPress and WordPress developers generally release patch updates for a reason: a vulnerability has been identified, and the update ensures that the weakness has been eliminated.

Updating a plugin or the WordPress version brings it up to date and in turn eliminates the threats present in the older versions.

WordPress version 3.7 introduced automatic updates, so your WordPress core should always remain up to date.

When implementing plugins on your website, it is advised that you only use trusted WordPress plugins. Otherwise, ensure that they are purchased from respected third-party companies.

Ensuring that your WordPress site is diligently backed up also helps to maintain your website. This can make it easy to roll back if you are attacked, and we also recommend backing up your website before performing any updates.

There are also many WordPress backup plugins available, and these make it very easy to back up your website and associated databases.

Update all user passwords

Weak passwords will no doubt result in your website being hacked. User and password combinations such as ‘admin’ + ‘Password123’ will get caught out extremely quickly.

There are bots out there that will continually try to brute-force their way into your website. They can generate thousands of password variants in a matter of seconds.

Improving your password strength and implementing a complex password is one of the best ways of strengthening your WordPress website.

Introduce an Industry Standard Security Plugin

There are so many options now when it comes to WordPress security plugins. These plugins will support your fight against an online attack and will certainly add an extra layer of security to your WordPress installation.

They can easily block common security threats with the new addition of a firewall. They are able to view real time traffic, block malicious networks and scan your installation for any security threats.

Some of the most common plugins used are as follows:

  • iThemes Security
  • Sucuri Security
  • Wordfence

In this post we have identified 3 very easy ways in which you can start to better protect your WordPress website. In future posts we will look in greater detail at how you can take this to another level.

We will look at using secure connections for best practice, how you can block common bots, check and improve your database security and much more.

Grey Coffee are a digital agency that are based in Nottingham. We offer WordPress website design, development and managed hosting services. We can provide the support required to manage your WordPress website and undertake the security strategy required to prevent your website from being hacked.