Your WordPress website is a valuable part of your online presence and you’ll naturally want to protect it from malicious attacks and unexpected software conflicts.
Use a strong and unique password
We’re all guilty of reusing the same password across multiple websites, but if a website that you use this password with becomes compromised, so does your password, potentially leaving it in the hands of hackers. You can generate a strong password by using websites such as strongpasswordgenerator.com, and there are various tools you can use to store these passwords, such as Keychain, so you don’t need to remember them.
Make sure you have a reliable backup
Probably one of the most important and first things you should do after setting up your WordPress website is to have a full backup of your WordPress website’s files and database. You can create backups manually by downloading your files via FTP and creating a database dump via phpMyAdmin, but you’ll find it’s much easier to create a backup using one of the many backup plugins available. Having a backup in place is great, but if your server gets wiped, your backup goes with it, so if you choose to use a plugin to generate your backup, make sure you’re sending the backups to a remote location such as Dropbox, OneDrive, Google Drive, AWS, etc.
Install the iThemes Security plugin
This plugin is an absolute godsend for WordPress security. You can easily perform a range of tasks including forcing SSL, relocating the administrative URL, changing the database table prefix and WordPress salts and banning users that perform certain actions. There are other plugins that perform the same tasks but we find this particular plugin does all of them very well.
Update WordPress core, theme and plugins regularly
By default, WordPress will carry out minor updates itself, but major updates involve someone logging into the dashboard and carrying out the update. The process is typically very easy and normally requires only the press of a few buttons. The same goes for themes and plugins, but far less time will have gone into checking their updated files prior to release, so we would recommend carrying out each plugin update one by one. This will give you an opportunity to check for any conflicts, ensuring the website runs as it should. Prior to running updates of any kind, we highly recommend taking a full on-site backup of your website files and database.
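The update routine described above (back up first, then update plugins one at a time and check the site after each) can be scripted. This is an added example, not part of the original article; it assumes WP-CLI (`wp`) and `curl` are installed, and the script name, site URL and backup path shown are placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): back up, then update plugins
# one at a time and stop at the first update that breaks the site.
# Assumptions: WP-CLI ("wp") and curl are installed, the script is run from the
# WordPress root, and HTTP 200 from the home page means "still working".

# Succeeds only if the URL answers with HTTP 200.
site_ok() {
    local code
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 20 "$1") || return 1
    [ "$code" = "200" ]
}

# Dump the database and archive the files. Keep the backup directory outside
# the web root so the dump cannot be downloaded by visitors.
backup_site() {
    local dir="$1" stamp
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$dir" || return 1
    wp db export "$dir/db-$stamp.sql" >/dev/null || return 1
    tar -czf "$dir/files-$stamp.tar.gz" .
}

# Prints "updated:<plugin>" for each success, "broken-after:<plugin>" for the
# update that made the health check fail, and returns non-zero in that case.
update_plugins_one_by_one() {
    local url="$1" backup_dir="$2" plugin plugins
    site_ok "$url" || { echo "site unhealthy before updating" >&2; return 2; }
    backup_site "$backup_dir" || { echo "backup failed, aborting" >&2; return 3; }
    plugins=$(wp plugin list --update=available --field=name) || return 4
    for plugin in $plugins; do
        if ! wp plugin update "$plugin" >/dev/null; then
            echo "update-failed:$plugin"; return 1
        fi
        if ! site_ok "$url"; then
            echo "broken-after:$plugin"; return 1
        fi
        echo "updated:$plugin"
    done
}

# Usage: ./update-plugins.sh https://example.test /var/backups/wp
if [ "$#" -ge 2 ]; then
    update_plugins_one_by_one "$1" "$2"
fi
```

When the script stops with `broken-after:<plugin>`, the remaining plugins are left untouched, so the conflict is isolated to that one update and the backup taken at the start can be restored.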
Deactivate and uninstall any unused plugins
Plugins are an important part of your WordPress website as they provide a range of functions that wouldn’t be available to a bare-bones WordPress installation. However, plugins can tap into very sensitive areas of your website, and a plugin that hasn’t been updated for a while can give rise to a vulnerability. We’d also only recommend keeping plugins installed if they’re necessary and removing any plugins that you no longer need. This will simplify your WordPress maintenance and help keep your website secure.