How to secure your WordPress website

In our previous article we learned “How to Build a WordPress Website” and today we’re closely inspecting the most important aspect of a website – its security.
One of the worst things that can happen to you online is to invest your time and efforts into building your website and then, out of nowhere, the website gets hacked by some 10 years old hacker wannabe for no particular reason. Fortunately, there are many plugins that can help you increase the security of your WordPress website and we’re going to look through the most popular of them.

However, before we begin with our list of favourite WordPress security plugins, please, make sure that you follow the 4 simple rules below in order to prevent security issues with your WordPress website.

1. Always make sure your WordPress website and its themes and plugins are updated to their latest version. Believe it or not, this is the most common reason why the hackers are using vulnerabilities in your code from which they can exploit your website.

2. Remove any unused WordPress themes and/or plugins. If you do not use it then remove it from your website. This you will help you decrease the number of potential security holes in your website and make it harder to being exploited.

3. Make sure that your local computer is clean from malicious software and it is being regularly scanned with updated and, most importantly, trusted antivirus software. This is very important because in case your computer is infected, your login details may be intercepted and used to hack your website. This can happen when you are entering your admin login details from your infected computer. That’s why it’s important to keep your computer clean from viruses.

4. Perform regular backups. It is one of the easiest things to do. Just download your website files and folders to your local computer regularly, for just in case something unwanted happens to the website. As a leading hosting provider, we at TMDHosting perform regular backups for your website files and database. However, having a local backup on your computer will provide you with one additional layer of security which is always a good thing.

WordPress is one of the most popular CSM applications and it has a very extensive catalogue of plugins of which you should take advantage. For your convenience we have selected the 5 most popular and, in my opinion, the best plugins with which you can increase the security of your WordPress website. Let’s take a look:

1. Akismet

Akismet - Fight the spam with Akismet WordPress plugin
This plugin comes by default with every single WordPress installation for a reason. Unfortunately, it is one of the most overlooked plugins of all times. What the Akismet plugin does is to protect your website comments from spam and trust me – Akismet is really good at it. You can read more on how to fight against spam in one of our previous articles “How to fight the internet trolls and spam bots in your site comment section” written by Morgan Collins.

You can download this plugin from the following url: http://wordpress.org/plugins/captcha/

2. Captcha 

Captcha - WordPress plugin which will spam-proof your websiteEven though it has mythical superpowers, the Akismet sometimes can’t protect you enough from all of those aggressive spam bots. This is where the Captcha plugin comes in by adding an additional verification box to your website comments and member login pages. This will stop those clever spam comments that will slip through the fingers of Akismet and should spam-proof your WordPress website.

You can download this plugin from the following url: http://wordpress.org/plugins/captcha/ 

3. Limit Login

Limit Login - Protect your WordPress website from bruteforce attacksWhile the above mentioned two plugins are directly protecting your website from unwanted spam comments, this Limit Login plugin is directly protecting your WordPress administration area by preventing the number of different attacks on the login section such as the dictionary attacks, and the random password guessing. In case someone tries to access your WordPress admin area too many times, the Limit Login locks down your login section and bans the attacker temporarily. However, the sweetest feature of this Limit Login plugin is that it immediately sends you an e-mail informing you if someone made malicious attempts to hack your website.

You can download this plugin from the following url: http://wordpress.org/plugins/limit-login-attempts/ 

4. Better WP Security

Better WP Security - Security suite for every WordPress websiteOnce your comments are protected from the spambots you should take care of the security of your WordPress website and protect it from hacker wannabes. The Better WP Security plugin consists of some of the best WordPress security features and techniques which are ready to be applied to your WordPress at instance in order to increase its security.

As with every single plugin I would highly recommend you to make yourself familiar with this plugin as it can even change the admin login url (as a security measure) and you might get locked out of your own website. However, in case you are experiencing issues with your plugins you can always submit a ticket to our Genius Support team who are always available to help you out of any situation.

You can download this plugin from the following url: http://wordpress.org/plugins/better-wp-security/ 

5. WP Updates Notifier

WP Updates Notifier - Be always up to date.
More than 90% of the hacked WordPress websites are being hacked due to the fact that either they were outdated or some of their third party themes and plugins are having security holes. This humble free plugin notifies you by email whenever there is any update available for your installed plugins, themes or WordPress core files. I find this plugin very useful because I manage to handle multiple WordPress websites and some of them are quite old and not regularly administered. However, with this little plugin you can always be up to date which, as we already mentioned, is crucial for your website security.

You can download this plugin from the following url: http://wordpress.org/plugins/wp-updates-notifier/

To sum it up – the above plugins are somewhat essential for every WordPress website security. Unfortunately, there is no single plugin to provide you with 100% guarantee that it will secure your website from malicious activities. For this reason, you might want to consider installing a number of the plugins we discussed. You can also browse through the extensive WordPress plugins library and choose the plugins you want to try but remember to read user reviews and try to avoid installing low-rated plugins.

Do you have your favourite WordPress security plugins? Share them in the comments below and stay tuned for our next article and most importantly – stay safe!