iThemes Security, WordFence, and Sucuri are all popular, bloated, and slow plugins. Remove them and add free, lightweight, discrete plugins.
Intro to WordPress Security
WordPress powers over 40% of all websites and has over 57,000 plugins in the directory, so it should be no surprise WordPress is under constant threat by hackers. According to a report by GoDaddy Security, 90% of all the hacked CMS platforms in 2018 were WordPress sites. Google alone blacklists 10,000 websites every day for hosting and spreading malware, and these blacklisted sites can lose up to 95% of their organic traffic.
Choose Secure WordPress Hosting
41% of hacked WordPress sites are because of vulnerabilities in the hosting platform. You can avoid this with a secure WordPress hosting platform from the start.
SiteGround maintains a highly specialized security team to address web security threats, a DevOps team to create advanced custom security solutions, and a 24/7 system administration team to watch over their platform.
Keep Your Website Up-to-Date
It is crucial to keep WordPress, themes, and plugins up-to-date. However, equally important is ensuring the themes and plugins you rely on are under active development and have not been abandoned.
36.7% of the WordPress sites hacked were caused by outdated, vulnerable versions of WordPress, according to Sucuri, and a Wordfence study found that Plugins represent 55.9% of every known backdoor.
Even industry leaders don’t always follow the best practices. For example, Reuters was hacked because they were using an outdated version of WordPress.
60% of small businesses shut within six months of a cyber attack. So please don’t make it any easier for hackers. At Creative Reload, we offer WordPress maintenance & management services that allow you to focus on your business by keeping the website driving your business and brand safe, secure, and healthy.
Security With Free, Lightweight, Discrete Plugins
WordPress plugins are not only the most significant security risks, but they’re also one of the significant performance killers. iThemes Security, WordFence, and Sucuri are all popular, bloated, and slow plugins. Remove them and add free, lightweight, discrete plugins.
The secret about website security is that it’s not one big thing you do; it’s about doing many little things. Change your WordPress login URL, change the admin username from the default “admin,” and don’t use “password” as your password. Install Limit Login Attempts Reloaded to prevent brute-force attacks and Block Bad Queries (BBQ) to protect your site against malicious URL requests.
The Most Important Tip of All
The best thing you can do for your website’s security has nothing to do with WordPress, themes, plugins, or your hosting platform. Enforce Strong Passwords. Made up of 12 or more upper and lower case characters, numbers, and symbols.
Nine-character passwords take five days to break. 10-character words take four months. 11-character passwords take ten years. Make it 12 characters, and you’re looking at 200 years worth of password security.
Create and keep track of complex and hard-to-guess passwords with a password manager.