One of the biggest headaches as a business owner is having your website get hacked. Not only does it force you to drop everything else you’re doing to fix it, but most businesses don’t really even know how to fix it when it happens.
So what’s the next best thing? Prevent a hack altogether.
Here are 9 ways you can improve your WordPress website’s security (and you don’t have to touch a single bit of code):
Use a username other than ‘admin’
We’ll start with the easiest one first. Using ‘admin’ as your username makes you an easy target for hackers. Use something different to make it that much harder to be a victim of website hacking.
Use a solid password
I know you’ve heard this time and time again, but make sure you have a really strong password. You can even use WordPress’s password generator tool to help create a really good password.
Keep WordPress, your PHP version, plugins, and theme updated
Keeping WordPress, your PHP version, plugins, and theme updated is like brushing your teeth and flossing. It’s not a guarantee that you won’t get a cavity (or hacked in this case), but it’s your first line of defense. Many of the updates that are released are security related. Doing regular updates also ensures that your site will continue running smoothly.
How often should you run updates? I recommend monthly. If that feels like too much, update quarterly at minimum. If you get an email about a specific plugin or theme vulnerability, update immediately.
Set up a custom login URL
By default, WordPress websites use www.yourwebaddress.com/wp-admin as the login URL. Customize this login URL for better security. I recommend using the plugin WPS Hide Login.
Use an SSL certificate
At this point in time, it’s almost a given that your site needs to have an SSL certificate. Even if you’re not collecting sensitive information through your website, Google prioritizes websites that are secure. So not only do you get security benefits by having an SSL certificate installed, but you get SEO perks as well. There’s also the huge trust factor. When people see that lock by your website address, they feel at ease when browsing your website.
Use a website security plugin
There are a ton of website security plugins out there, but I recommend Sucuri. It’s free and I’ve found that it does a good job. It does malware scans and will notify you via email if it finds any compromised files.
Set up 2-Factor Authentication
You know how you sometimes have to have a code sent to your phone to enter before you can log in somewhere? That’s 2-Factor Authentication. You can set this up for your WordPress website to add that additional level of security and peace of mind. I recommend the WP 2FA – Two-factor authentication for WordPress plugin.
Limit login attempts
Another easy way to prevent attacks is to install a plugin that limits login attempts. There are multiple options out there like Limit Login Attempts Reloaded.
Utilize security packages provided by your hosting
Most hosting companies offer additional security packages that can be added on to your hosting. These packages often include site restoration and remediation if your site is hacked.
Make sure your site has backups
This tip doesn’t help make your site more secure, but it’s a fallback if your site is hacked. I recommend setting up backups through your website hosting. If your site is hacked, sometimes you can’t even access your WordPress admin dashboard, so backups that are only available from inside the dashboard won’t help you.
So what do you do if your website gets hacked?
If you have a security plan through your hosting, reach out right away
If you’re paying for this service, be sure to take advantage of it when you need it. Depending on what’s in your plan, they will likely handle investigating the issue and restoring your site to its former state.
If you’re on your own, restore a backup
Restoring a backup is the best immediate way to revert your website to its previous working state. Once you’ve been able to restore it, be sure to go through all 9 steps above to ensure that your site isn’t hacked again. I’ve seen where a site is hacked, restored by backup, and then immediately hacked again because it still had the same vulnerabilities.
Reach out to a professional
If you’ve tried restoring a backup or maybe you don’t have backups, it’s probably time to reach out to a professional for help. It’ll probably cost several hundred dollars, so implementing the security measures above is well worth it. Save yourself the money and, even bigger, the headache of having a hacked website.