How do I keep my website secure?
For individuals and businesses running a blog or website this is a common question. Below are a few tips to notably improve your websites security.
Use a quality hosting provider
While it may be tempting to go for the website hosting provider thats a few dollars cheaper per month, you usually miss out of some security tools and features. Quality hosts will have features like:
- Domain WhoIs Protections – meaning your registered contact details from your website are not available for all to see.
- Let’s Encrypt Automatic SSL Renewal – Meaning even if you don’t pay for a SSL certificate you can still encrypt connections to your website.
- Useful Knowledgebases – With information and updates about existing and new security issues, to help keep you secure.
- DDOS protection – This helps keep your site online if it’s hit by a distributed denial of service attack
- Firewalling and Automatic Blocking – for known malicious IP addresses or if an attack is detected.
Keep WordPress themes & plugins up to date.
WordPress has constant updates to address security issues, these updates often improve performance or functionality too. You should also opt to always use plugins and themes that are commonly used and still supported by their developers. If a theme or plugin is not still supported it may not be updated to address issues or you may find you cannot upgrade your WordPress version without it breaking the plugin or the theme.
Protect your login details
If multiple people use your website they should each have their own login, only strong password should be used and you absolutely should turn on multifactor authentication. Accounts with weak or guessable passwords and no multifactor authentication (MFA) are a common source of compromise.
Remove unused plugins
The less plugins running the less potential there is a for a security issue. If you don’t need a theme or plugin you should consider removing it.
Update your version of PHP
As long as you’ve already updated WordPress you should be able to start using a newer version of PHP too. Just like with all software, new versions provide performance improvements and security fixes. If your site doesn’t work with the latest version you can always switch back to an older one. Just don’t let it get too out of date.