Simple WordPress Security Tips

By Jason Headen April 6, 2022
WordPress Security

Web security is a hot issue that has become more commonplace in our day-to-day lives. Threats come in the form of phishing, ransomware attacks, malware, distributed denial-of-service (DDoS) attacks, and many others. WordPress is highly vulnerable to web security issues because it is so widely used and makes it so easy to set up a website. In fact, 43% of all websites run on WordPress, making the chances for a successful attack highly likely. Below, you will find some easy ways to secure WordPress.

Disclaimer: These tips are not meant to replace expert advice or training; however, they will get you started on the right track.

Update WordPress Version Regularly

Whether you realize it or not, WordPress is a piece of software that makes putting a website together an easy task. Like any other kind of software, WordPress is constantly being updated and occasionally has new releases rolled out. These new releases fix bugs, issue security updates, and add new features. It is vital for security to keep your WordPress site up to date.

To check whether you have the latest WordPress version, open your WordPress admin area, and navigate to Dashboard -> Updates on the left menu panel. If it shows that your version is not up to date, Atiba recommends updating it as soon as possible.

Create secure login credentials

To protect your website against brute force attacks, it is important to have secure WordPress login credentials.

Username

The username should not be something obvious: admin, user, administrator, and test are all usernames that are easy to guess and can potentially put your website at risk. Use a username that is unique to you and your website.

Password

The most important aspect of logging in is the strength of your password. A secure password should be anywhere from 10 to 20 characters in length and consist of letters, numbers, and other symbols such as #, %, or *. For best results, use a password generator and a password manager to help you keep track of your passwords and usernames.

Limit login attempts and change the login URL

By default, WordPress will allow you to try logging in as many times as you would like. The problem is that hackers know this and will exploit it. An easy fix is to limit the number of times someone can attempt to log in to your website. Thankfully, there are a few WordPress plugins that can help:

  • Limit Login Attempts Reloaded – configures the number of failed attempts for specific IP addresses, adds users to the safelist or blocks them entirely, and informs website users about the remaining lockout time.
  • Loginizer – offers login security features such as 2FA, reCAPTCHA, and login challenge questions.
  • Limit Attempts by BestWebSoft – automatically blocks IP addresses that reach the login attempt limit and adds them to a deny list.
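
The lockout behaviour described in this list (a per-IP failure limit, a safelist, a deny list, and a remaining lockout time), modelled as an added Python example that is not code from this article or from any of the plugins. The class name, thresholds, and sample events are assumptions chosen for illustration.

```python
from collections import defaultdict

MAX_ATTEMPTS = 3      # failed logins allowed per window (assumed value)
WINDOW = 600          # seconds over which failures are counted (assumed)
LOCKOUT = 1200        # seconds an IP stays locked out (assumed)
MAX_LOCKOUTS = 2      # lockouts before an IP is deny-listed (assumed)

class LoginLimiter:
    def __init__(self, safelist=()):
        self.safelist = set(safelist)
        self.denylist = set()
        self.failures = defaultdict(list)    # ip -> timestamps of recent failures
        self.locked_until = {}               # ip -> time the lockout ends
        self.lockouts = defaultdict(int)     # ip -> number of lockouts so far

    def remaining(self, ip, now):
        """Seconds until ip may retry: 0 = allowed, -1 = deny-listed."""
        if ip in self.safelist:
            return 0
        if ip in self.denylist:
            return -1
        return max(0, self.locked_until.get(ip, 0) - now)

    def attempt(self, ip, now, ok):
        """Process one login attempt; return 'ok', 'failed' or 'blocked'."""
        if self.remaining(ip, now) != 0:
            return "blocked"               # the password is never even checked
        if ok:
            self.failures.pop(ip, None)    # a successful login resets the counter
            return "ok"
        if ip in self.safelist:
            return "failed"                # safelisted IPs are never counted
        recent = [t for t in self.failures[ip] if now - t < WINDOW] + [now]
        self.failures[ip] = recent
        if len(recent) >= MAX_ATTEMPTS:    # limit reached: lock out or deny-list
            self.failures.pop(ip)
            self.lockouts[ip] += 1
            if self.lockouts[ip] >= MAX_LOCKOUTS:
                self.denylist.add(ip)
            else:
                self.locked_until[ip] = now + LOCKOUT
        return "failed"

# Constructed sample events: (unix time, source IP, password correct?)
EVENTS = [(t, "203.0.113.9", False) for t in range(0, 50, 10)] + [
    (60, "198.51.100.4", False), (90, "198.51.100.4", True)]

def replay(events, limiter):
    """Run the events through the limiter and return each outcome."""
    return [(t, ip, limiter.attempt(ip, t, ok)) for t, ip, ok in events]
```

Replaying `EVENTS` shows the guessing IP blocked from its fourth attempt onward, while the user who mistypes once and then logs in correctly is unaffected.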

Another step you can take is to change the login URL for your WordPress website. The default URL is “yourdomain.com/wp-admin”, and using this default setting makes it easy for hackers to find the login page and attempt to get in. A simple step to take is to change the default login URL, and this can be accomplished by using plugins such as:

Atiba web security solutions

Taking these simple steps will go a long way to ensure that your website is much safer, but web security is a moving target. Every day there are new security flaws found, and security guidelines often change. This can quickly become confusing, and it can be difficult to tell what next steps to take. Thankfully, there’s Atiba.

Atiba can do a full site security audit of your WordPress site and draw up a web security roadmap for you so that you know exactly where you need to go. Atiba also offers the following services:

Contact us today for a quote on a website security audit.

 
