The security of your website is incredibly important. So it is not for nothing that Google has included this in its core web vitals. Moreover, any website is of interest to hackers, regardless of the information you have on your site. This is because hackers can send spam from your website or post malware. In addition to these examples, there are many other reasons why you should give your website’s security due attention.
1. Change admin and choose a strong password
When you have created a website in WordPress, you are automatically given the username ‘ADMIN’. Hackers know this too, leaving them only to guess the password to log in. So change this immediately. When doing so, remember to choose a strong password. A strong password consists of (uppercase) letters, special characters and numbers. It is also recommended that you avoid using dictionary words and change your password once in a while.
2. Modify the ‘/wp-admin’ URL.
The default login URL of WordPress websites is /wp-admin. Of course, hackers know this too, which is why it’s smart to change it. The URL can be modified directly through the server (FTP) or through a plugin. Customizing through the server may be a little less straightforward, but fortunately a plugin makes that easy. All you need to do for this is to install and activate a plugin, for example, the Better WP security WordPress plugin. Just make sure you always back up first!
3. Back up your website regularly
Backing up your website regularly is important! Although this does not directly contribute to security preventively, this way you are assured that you can easily restore your website again if something happens. In most cases, the hosting company will take care of this for you, but always ask to be sure. Want to make sure you are in control of your WordPress backups? Then there is a wide range of plugins available for that.
4. Using and updating security plugins
So with a regular backup, you are assured that you can always restore your website. Still, you’d prefer not to have to use the backup. Fortunately, this is why there are several WordPress security plugins available. We briefly explain three reliable WordPress security plugins for you here.
The Wordfence Security plugin for WordPress has been downloaded more than 4 million times, and for good reason. Wordfence Security secures your website against attacks, scanning for errors, malware and viruses. In addition, this plugin shows what measures are needed to make your website even more secure. It is also possible to set up e-mail alerts, such as when the firewall is turned off unsolicited.
With iThemes Security, the basic security of your WordPress is taken care of with the click of a button. In addition, iThemes Security also makes backups and you can use this plugin to rename the wp-content folder and force SSL (https). This way you encrypt the important data of your WordPress Website.
All In One WP Security & Firewall
With the All In One WP Security & Firewall plugin, it is possible to control the security of your WordPress website in a user-friendly and easy way. This plugin has a comprehensive firewall which is easy to configure. In addition, it is possible to set a secret code that is used to set a cookie on the login page. Is this cookie not registered on the browser from which someone is trying to log in? Then a 404 error appears. Please note that you will also see a 404 error yourself if you delete this cookie from your browser.
5. Two-factor authentication
Two-factor authentication or two-step verification provides an additional layer of security when logging in. This way, in addition to your password, you need an additional code when you want to log in. You simply request this code via your phone, by app or text message. You may already be familiar with two-factor authentication, as banks, for example, also make extensive use of it. Therefore, two-factor authentication is definitely recommended as an extra security measure for your WordPress Website.
6. Get the file permissions right
When you get to work with files in the server yourself via your FTP manager, it is important to check the file permissions. After all, you don’t want directories and files with “777 permissions” to exist. This would mean that anyone could do anything with these folders and files. Therefore, check that your folders (folders) are set to 755 or 750. As for the files (files), they should be set to 644 or 640.
7. Make sure you can always fall back on specialists
If something does go wrong unexpectedly, or if you just want more assurance about the security of your WordPress website, it’s nice to be able to fall back on specialists. As a WordPress VIP partner, we at Brthrs Agency are happy to help you with security and everything else surrounding your WordPress website. Are you curious about what we can do for you or do you have any questions? Then contact us with no obligation!