Cyber security is back in the headlines as US President Biden warns companies to “harden [their] cyber defences immediately.” It’s got many asking the question “just how secure is my website and what steps can I take to keep hackers at bay?” If you’re wondering how to keep your website secure, it’s useful to know more about the security of the website building platform that your website runs on.

WordPress is by far the most popular, with 455 million active websites using it right now. That also means that it’s a big shiny target for hackers.

But the great news is that hackers aren’t getting in as a result of vulnerabilities in WordPress’ latest core software. The vast majority of WordPress hacks are completely preventable. Read on to find out how.

How to keep your WordPress website safe

1. Update, update, update

The WordPress elves work hard to stay one step ahead of hackers at all times. That’s why it’s important to install the latest WordPress updates to keep your website secure. Did you know that 86% of WordPress sites are hacked because they haven’t been properly updated?

Update checklist:

  • WordPress install – check that your website is running on the latest version of WordPress.
  • Plugins – ensure that all of your plugins are updated.
  • Theme – themes are also updated with new security patches. If you have a customized theme, make sure you seek professional advice to avoid losing your hard work.

We recommend updating every 3 months or so. The longer you leave it, the more vulnerable your website will be. Set a reminder on your calendar to repeat every three months, and update religiously.

2. Create a strong password

In most other cases, WordPress websites are hacked when login credentials are compromised. “1234567” just won’t cut it. You need a strong, seemingly random password.

A great tip is to choose a famous quote or a line from your favorite song and take the first letter of each word. Even better, think of how you can include numbers, capital letters, and characters into the mix.

For example, “To be or not to be, that is the question” becomes “2bon2bTit?” But don’t use that one… think of your own!

3. If it smells phishy, avoid it!

WordPress administrators can all too easily fall victim to phishing emails. Hackers put a lot of effort into making their emails look legitimate. Before you know it, you’ve clicked on a link.

Here are some things to watch out for:

  • Do you know the sender? If not, proceed with caution.
  • Check outbound links by hovering over the link and looking at the bottom of your browser – does it point to a reliable website?
  • Read links carefully. A well-documented phishing technique is to use a domain that looks almost identical to a trustworthy domain.
  • Do a quick search to see if the email is a known scam. One example is hackers using “password reset” emails to obtain your login credentials.
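
The link checks in the list above can also be done mechanically. The following Python sketch is an added example, not part of the original article: it pulls out the host a link really points to and flags hosts that only resemble a trusted one. The trusted-domain list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains this administrator expects genuine links to use.
TRUSTED = {"wordpress.org", "wordpress.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits separating a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for the host a link points to."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Text before an '@' is login info, not the destination; treat it as a disguise.
    if "@" in parts.netloc:
        return "lookalike"
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # Punycode or non-ASCII labels can render like a familiar name.
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "lookalike"
    for t in trusted:
        # Trusted name used as a leading label: wordpress.org.evil.example
        if "." + t + "." in "." + host:
            return "lookalike"
        # Compare the last labels of the host with the trusted name; one or
        # two edits away (wordpres.org) is close enough to fool a quick read.
        tail = ".".join(labels[-(t.count(".") + 1):])
        if 0 < edit_distance(tail, t) <= 2:
            return "lookalike"
    return "unknown"

# Constructed sample links for illustration only.
SAMPLES = [
    "https://wordpress.org/plugins/",
    "https://wordpres.org/password-reset",
    "https://wordpress.org.evil.example/login",
    "https://wordpress.org@evil.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

An "unknown" result is not a verdict of safety; it only means the host neither matches nor imitates a name on the trusted list.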

If you keep your wits about you, and regularly install WordPress and plugin updates, you can keep your WordPress website very secure.

If you’re concerned about the security of your website or if administrating your own page feels like a big responsibility, you can always hire a professional to take charge of website maintenance. At jdp we have WordPress professionals who will make sure your website is running smoothly and safely.