WordPress security

Did you know?

41% were hacked through a security vulnerability on their hosting platform
29% were hacked via a security issue in the WordPress Theme they were using
22% were hacked via a security issue in the WordPress Plugins they were using
8% were hacked because they had a weak password

15 Tips to make wordpress site more secure

  1. Keep wordpress updated and always update the system and plugins to the latest version
  2. Do not use ‘admin’ and similar administrator usernames
  3. Use really secure password for users including numbers, uppercase characters and special symobls
  4. Backup database regularly
  5. Using free or paid security plugins (eg. WordFence)
  6. Good hosting service with daily backup
  7. WordPress Security Keys (if not setup in the config file)
  8. Set correct file permissions
  9. Limit database access and change table prefix
  10. Monitoring website regularly and scanning the file structure
  11. Limit/disable file editing access (using htaccess)
  12. Limit login attempts and using two-step authetication
  13. Hide login page and remove info about your site (eg. version number)
  14. Use secure contact forms
  15. Ensure your computer has no viruses and malware (when you edit site or access ftp)

More info: http://premium.wpmudev.org/blog/keeping-wordpress-secure-the-ultimate-guide/

How to make your website more secure?

The ultimate implementation of this “second layer” password protection is to require an HTTPS SSL encrypted connection for the full website or administration, so that all communication and sensitive data is encrypted.

HTTPS is HTTP (HyperText Transfer Protocol) plus SSL (Secure Socket Layer). You need a certificate to use any protocol that uses SSL. SSL allows arbitrary protocols to be communicated.

Https connection need dedicated IP address for your website so extra cost to pay an ip and a SSL certification every year.