How can I secure my WordPress website?
We have provided few tips below on how to secure your site:
1. Ensure your WordPress installation is up to date. You can do this one of two ways:
Option 1 - The non technical way
You can import your existing WordPress installation into our WordPress manager from within your cPanel account. You can do this by following these simple steps:
1. Log into cPanel
2. Click on the "WordPress" icon under "Featured Applications"
3. Click on the \/ button next to "install this application" then click "import existing install"
4. Click on "Continue" under "From this account"
5. Select your domain name from the drop down list and click "Import"
Your website is now synced up with our WordPress manager tool! This will ensure that your site is backed up and updated whenever a WordPress core, theme or plugin update is released. However, please note that this tool will not update a theme or plugin if the theme/plugin developer requires you to download the plugin directly from their website in order to update it.
You can adjust the update settings by clicking on the settings icon (the spanner) in the WordPress manager area. You have the ability to change what you would like to be updated automatically and not (the options are your WordPress core, plugins and/or themes), and the ability to change what email address you would like to be notified at when an update is complete.
Option 2 - The technical way
If you have experience with web development, then you can configure your WordPress installation to automatically update itself by adding the following lines to your wp-config.php file
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );
Please note that we only recommend that you make this change if you are familiar with editing php files. If you do not have this experience, then please refer to option 1.
2. Delete any un-needed plugins. If you know that you do need to have a certain plugin for your website to function, then we recommend de-activating it. If you believe that you will use the plugin again in future then leave it as de-activated until then. If you know that you will never use the plugin again then we recommend deleting it completely. This will reduce the potential for code to be exploited.
3. Consider using a security plugin. There are a number of plugins designed to secure your site. Plugins such as "WordFence", "Login Lockdown" and many other reputable plugins exist to protect your site and prevent malicious activity.
4. Consider using Cloudflare. Cloudflare is both a performance and security proxy service. It will both speed up your website as well as stopping known malicious activity from reaching your site. Customers can sign up for free accounts from within cPanel. Please refer to the following article for instructions on how to activate CloudFlare.
5. Remove unused admin accounts. Un-used admin accounts can pose a security risk as attackers try to login using random passwords (Brute Force Logins). We recommend deleting these un-used accounts to minimise the potential for a brute force attack.
6. Ensure your login password is secure and frequently changed. Weak login passwords are easily guessed during Brute Force Login attempts. It is critical to ensure your password is strong to stop Brute Force Login attacks from being successful. You can generate random passwords at www.strongpasswordgenerator.com.
It is also important to not save your password onto your computer. If your computer experiences security issues you do not want this to also impact your website.
Don't have the time to do any of this?
If you are busy focusing on your business, and feel that you do not have the time to manage your WordPress website then that's OK. Just open a Sales eTicket and we can organise for your website to be upgrade to our Managed WordPress service. With our managed service, our local team of professionals ensure that your WordPress remains up to date and secure so you don't have to.
Was this answer helpful?Print this Article
Comodo SSL is installed by default on all websites! You will just need to configure your website...
We have 4 nameservers which can be used for any of our hosting plans. The nameservers can be...
We offer all Web Hosting, Email Hosting and Reseller Hosting customers a server level spam filter...
When you can't access your website, email account or cPanel, we advise you to check your domain...
You can access your emails through the iPhone mail app. Before configuring your iPhone, you will...