Search online and it is no surprise how many WordPress owners complain about WordPress security. Considering the number of websites that are powered by WordPress, that makes sense. Although… any open source script WILL be open to vulnerabilities and hacking attempts.
FACT… the ‘lack’ of security that WordPress users are complaining about is far better than that of any other Open Source Script and other website platforms… With roughly 75,000,000 websites running on WordPress, is it normal that it would be easier to find feedback, reviews or complaints about WordPress?
That said, we have decided to provide you with 7 of the best tips you can implement to add an extra layer of security to your website! After implementing these tactics and following up with continual WordPress security checks, you’ll be well on your way to securing your WordPress website for good.
It is amazing to see how many people still believe that ‘admin’ as a username and password will offer their website the security it needs. Please get rid of that mentality… it is 2019, and even though 90% of the time ‘hackers’ don’t go after your data but rather just want to prove a point, you should always use a strong username and password.
We would recommend you use your email as username and for your password, include the following.
When you idle in wp-admin or leave the dashboard open in a tab, it poses a very serious security threat!! Anyone who passes by your PC when it is unattended can access sales information (E-Commerce Website) or change information. This can result in a 505, and for those not knowing what a 505 is… your site is broken! Avoid this by ensuring that your site logs people out after they have been idle for a certain period of time.
Plugins that offer this: BULLETPROOF SECURITY | Author(s): AITpro Website Security
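To show what such an idle logout does under the hood, here is an added example that is not from the original article or from any plugin named here. It assumes the file is saved as wp-content/mu-plugins/idle-logout.php; the 15-minute limit and the EXAMPLE_ constant and meta key names are hypothetical.

```php
<?php
/**
 * Added example: sign out users who have been idle too long.
 * Assumed location: wp-content/mu-plugins/idle-logout.php
 * The timeout value and the meta key name below are assumptions.
 */

define( 'EXAMPLE_IDLE_LIMIT', 15 * MINUTE_IN_SECONDS ); // assumed timeout
define( 'EXAMPLE_IDLE_META', '_example_last_activity' ); // hypothetical meta key

// Start the idle clock at login so a stale timestamp cannot end a fresh session.
add_action( 'wp_login', function ( $user_login, $user ) {
    update_user_meta( $user->ID, EXAMPLE_IDLE_META, time() );
}, 10, 2 );

add_action( 'init', function () {
    if ( ! is_user_logged_in() ) {
        return;
    }
    // Background requests (Heartbeat AJAX, cron) still fire from an unattended
    // tab; they must not count as activity or the session would never go idle.
    if ( wp_doing_ajax() || wp_doing_cron() ) {
        return;
    }

    $user_id = get_current_user_id();
    $last    = (int) get_user_meta( $user_id, EXAMPLE_IDLE_META, true );
    $now     = time();

    if ( $last && ( $now - $last ) > EXAMPLE_IDLE_LIMIT ) {
        delete_user_meta( $user_id, EXAMPLE_IDLE_META );
        wp_logout(); // destroys the session token and clears the auth cookies
        wp_safe_redirect( wp_login_url() );
        exit;
    }

    // A real page load by a signed-in user: record it as the latest activity.
    update_user_meta( $user_id, EXAMPLE_IDLE_META, $now );
} );
```

The timestamp is stored per user, not per session, so activity on one device keeps that user's other open sessions alive. The logout happens on the first page load after the limit has passed, which is exactly the click a passer-by would make.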
Everything intriguing on your website, for hackers or basically anyone… can be found in the WordPress Admin dashboard. Yes, this is the most protected section overall in WordPress, which gives hackers the challenge of breaking through and a moral victory when they do. Once access to this section is gained, the greatest possible damage can be done.
To protect your admin dashboard, protect your wp-admin directory by, for example, requiring 2 passwords, an authentication app like Google Authenticator or any other 3rd party app or plugin.
Apart from the fact that Google has started to penalize websites that lack an SSL (Secure Sockets Layer) certificate, this is one of the smartest moves any website owner can make to protect the admin panel as well as the rest of the website.
To get an SSL certificate for your website is simple. Contact CSSbiDESIGN or any other company where you can purchase one. Most reputable hosting companies like CSSbiDESIGN offer SSL protection included with their hosting service fee. From better rankings to customer trust the benefits are endless when it comes to an SSL certificate.
Updates: We have all been through new software installing on our devices or those long, time-consuming updates on your PC that leave your blood pressure skyrocketing, right? Don’t get mad next time… those updates are necessary to keep the bugs out and provide your private life with extra security. Like your phone and any other device, your website will also go through updates, because an update closes loopholes that hackers have discovered and could use to gain access to your site, and offers you the latest trends in website design.
Backups: Keeping an off-site backup somewhere is perhaps the best antidote should you be a target of hacking. With a backup, you can restore your WordPress website to a working state any time you want.
A Plugin that can help with this: VaultPress by Automattic
If you disallow file editing, no one will be able to modify any of the files from the dashboard’s file editor – even if a hacker obtains admin access to your WordPress dashboard. To make this work, add the following to the wp-config.php file (at the very end): define('DISALLOW_FILE_EDIT', true);
Your current WordPress version number can be found very easily. It’s basically sitting right there in your site’s source view. You can also see it on the bottom of your dashboard (but this doesn’t matter when trying to secure your WordPress website). Here’s the thing: if hackers know which version of WordPress you use, it’s easier for them to tailor-build the perfect attack. You can hide your version number with almost every WordPress security plugin.
For a more manual approach (and to also remove the version number from RSS feeds), consider adding the following function to your functions.php file:
// Return an empty string so WordPress prints no generator tag in pages or feeds.
function wpbeginner_remove_version() {
    return '';
}
add_filter('the_generator', 'wpbeginner_remove_version');
Following these guidelines will be a step in the right direction to help you protect your website… Although, probably equally as important as security is website performance. A website MUST load as quickly as possible. Recent research has discovered that visitors on average only wait for 2 seconds before getting frustrated and going to another site.
Should you need any help with security or performance, contact CSSbiDESIGN for a free evaluation by completing the form below or by dropping us a mail at help@cssbidesign.com or calling our office at +27813143387