8 Steps to Boost WordPress Security

Author: Syzmic
June 10, 2021


Unfortunately, website hacks are becoming increasingly common, regardless of business location, site size, or industry. If you own a marketing agency, your team likely works with tens, if not hundreds, of sites regularly. This means taking the necessary precautions to protect against hacking is vitally important to your business. Below are some tangible steps your agency can implement to boost WordPress security.

1. Don’t Share Passwords

This is the most common WordPress security issue, especially if you own a marketing agency and many individuals have access to credentials. New clients will often send over their admin credentials and, given the nature of the business, your agency sends the credentials around internally.

This creates an opportunity for the credentials to fall into the wrong hands. Imagine an employee leaves your agency and still has access to multiple client sites. The opportunities for hacks are endless.

The best way to grant access to a WordPress website is to add users. In the dashboard, you can send individual access via email, restrict access levels, and hand-pick the individuals.

This way, if an employee leaves your agency, or a client parts ways, the unwanted users can simply be removed.

2. Limit Plugin Use

Unsafe plugins pose a huge security risk. In 2020, millions of sites were targeted due to a security issue with a File Manager plugin (here’s an article explaining what happened).

At Syzmic, we use as few plugins as possible. Of course, some plugins are necessary, and we recommend extensive research on the plugin itself and the developer who created it. Below, we recommend three plugins to assist site security. We’ve researched these and feel comfortable recommending them! 

3. Keep Daily Website Backups

If your clients’ sites are ever hacked, a backup of the site could save the day. If you have a quality WordPress host (CloudWays, WPEngine, FlyWheel, etc.), then your sites are likely backed up daily.

Depending on when the hack occurs, you can restore a backup of the site, correct what’s been hacked, and change all passwords.

4. Keep WordPress, Plugins, and Themes Up-to-Date

WordPress, and top plugins and themes, are continually updating their software to prevent hacking. This is why it’s extremely important to update your site monthly. If you own a marketing agency, this is true for all the websites you manage. We know updating every site, monthly, is difficult and time-consuming.

5. Limit Login Attempts

One of the most common hacks is a brute force attack. This is when a hacker (typically a bot) will try different combinations of usernames and passwords until they successfully log in. These bots can go through thousands of attempts before they get it right. They can also use credentials that have been leaked online.

We suggest installing a plugin like Limit Login Attempts Reloaded to prevent brute force attacks. This limits the number of login attempts, sends email notifications on blocked attempts, and so much more.

6. Change Your Login URL

By default, WordPress sites have the same login URL. You can access it by using either /wp-admin/ or /wp-login/. Knowing the login URL is often the first step in hacking a website.

You can use a plugin like WPS Hide Login to change the URL to anything you want. This makes the login page more difficult to find and prevents bots from gaining access to the login page. It stops hackers at step one! 

7. Make Sure The Site is Using SSL

Most of the top hosting companies include SSL certificates with each website. Make sure the certificate is actually in use to make the site more secure. Not familiar with SSL certificates? Check out this article to learn more.

Once you install the SSL certificate, make sure you force a redirect from http:// to https://.

8. Use a Reputable WordPress Security Plugin

Following the steps above will help prevent hacking. However, if you’re looking for even greater security, we recommend a plugin like Sucuri Security. They offer several features to increase site security, but one we’d like to highlight is security notifications.

Since most hosting companies only keep 7-10 days of backups, it’s important to be alerted as soon as the site is hacked. With Sucuri Security, you’ll be aware of a hack faster and can take immediate steps to remedy the situation.

We hope you’ve found these steps helpful. If you’re interested in having Syzmic implement these plugins and security steps for you, reach out to our sales team here to get a quote! 

