WordPress blogs have always been easy targets for hackers but there are a few simple techniques which can reduce your chances of being hacked and also to protect you if are unfortunate enough to lose all your data and even your complete website.
An important note to remember is that your web host is not necessarily responsible for backing up your website. Unless you have specifically chosen this service, if it’s available, you’ll need to ensure you are backing up your own data.
Here are a few tips and best practices on how to make your WordPress site more secure.
Always make sure you are running the latest version of WordPress
If you see that there is a new version of WordPress available, click update and then select automatically update. If you are running an old version of WordPress then it’s easier for hackers to find a way in as the code is not current with the latest updates. Most of the hacking queries in our support system are because of this -your web host cannot go into your admin control panel to do this so you as the website owner need to make sure you are updating this. It takes between 5 and 10 seconds and is dead easy.
Update all active plugins and delete inactive plugins
When you get asked to update your plugins it means that there has been a upgrade to the code within that plugin which will contain better security options. Just like the WordPress software, these updates are equally important. Plugins are excellent gateways for hackers as they contain vulnerabilities that hackers and malicious code are known to exploit.
Delete any old inactive plugins you have – the more plugins you have that aren’t being used the more at risk your site is.
Perform weekly/monthly backups of your website
As I mentioned earlier, unless your web host provides a backup service for you, you will need to manually backup your website.
The best thing to do is download an FTP client, which should be free and there are a number of different options to choose from. I use FileZilla for my blogs but you can choose whichever one you want.
UK2 hosted websites all use cPanel so for the purpose of this exercise I will explain how to perform backs using these systems and programs.
- Login to cPanel and look for the Backups icon
- Select this and select the ‘Download Full Back Up’ which will normally have ‘Home Directory’ selected as the default (this is what the backup will be generated from).
- After the backup has been completed you will be sent an email confirming this.
- Login to your FTP client, FileZilla in this case
- search for your backup which should be in the main folder, and will contain ‘backup-date time name of site.gz
- Drag that folder onto your desktop or in a selected folder
If you are active in updating your site then you should do this backup on a regular basis.
These are just 3 things which will help to go a long way to making your WordPress more secure and help to protect you against hackers and malicious code.
Good luck and if you have never done any of the above then login to your site now and get cracking