[TUT] SECURE YOUR WORDPRESS PAGE [TUT]

[factchecker]

In this tutorial I will be giving a few tips for securing your WordPress website. I will only focus on securing the website itself, but you should remember to secure everything within such as your network, and computers upon doing this.



1. Keep WordPress updated

One of the main reasons WordPress websites gets hacked, is because they forget to update to the latest version, which thereby makes them vulnerable to exploits. Always make sure you are running the latest version of WordPress by checking the release-version available on the official WordPress site: https://wordpress.org/news/category/releases/



2. Update and clean your Plugins

2.1 It can be tempting to install a bunch of WordPress plugins, but one of the key parts of keeping your website secure is to have less plugins. Make sure you only keep the plugins you actually use on your website. You should be deleting all plugins you do not use completely from the WordPress installation, and not just deactivating it through the admin page.



2.2 Now you should be left with a few plugins that you are currently using for your website. However, deleting the useless plugins is not enough for securing your website. You should always check for updates on your installed plugins, to make sure they are not exploitable. There have been numerous of cases of WordPress websites getting hacked, simply because they forgot to update their plugins.



2.3 Make sure that all your installed plugins are available on the official WordPress plugin repository. Sometimes plugins are removed from the page once they realize there are security issues. You can find the official WordPress plugin reprository by using this link: https://wordpress.org/plugins/



3. Manage Staff roles

If you have several people working on your website you should ensure that everybody has a users role that makes sense to the according tasks they perform. There are six user-roles available within the WordPress admin page, and you should ensure that each Staff member, only have access to the permissions they specifically need.



1) – Super Admin: Has access to the site, network, and admin features



2) – Administrator: Has access to the site and admin features



3) – Editor: Can publish and make changes to all posts



4) – Author: Can publish and make changes to their own posts



5) – Contributor: Can write and make changes to their own posts without being able to publish them



6) – Subscriber: Can only access their profile



When you create a new user in WordPress, think about the tasks the specific Staff needs to have access to, and give the user a role that thereby correlates with their tasks. Using this method of securing roles, and permissions, you will feel a lot more confident going to sleep, and knowing one of your employees won't make a mistake and ruin the whole website.



4. Two-factor authentication (2FA)

If you want to add an extra layer of security, I would highly recommend installing a plugin for authenticating WordPress logins. There are several plugins that offers this, but I would recommend using Google authenticator. The plugin is available from the official WordPress plugin repository https://wordpress.org/plugins/google-authenticator/



5. Automatic backups

Another important thing when running a website is to ensure you have everything backed up. If anything would happen to your website, you wouldn't want to lose it all overnight, so make sure you have a plugin installed for automatic scheduled backups. One of the best plugins for this would be UpdraftPlus, here's a link to their official WordPress plugin page: https://wordpress.org/plugins/updraftplus/ There are several other plugins for this as well, but be careful as for which ones you install, and make sure you read the reviews upon downloading.



6. Update WordPress Passwords

No matter how hard your password is, hackers will eventually crack it. Ensuring you keep your passwords updated once a month, is one of the most important things at keeping your website and overall digital profiles secure. Here's a few tips for creating a strong password.



* Never use predictable passwords, such as your birthday, name of your brother/sister/mother/girlfriend etc.

* Add as many characters as possible.

* Use a password generator such as

Click here to see full text

https://passwordsgenerator.net

* Never reuse the same password.



7. WordPress Firewalls

Last but not least, you can always add an extra layer of protection by pointing your DNS records towards a secure Web application firewall. There are several options for this, but I would highly recommend using a paid option such as Sucuri, or going with a free option such as Cloudflare. Both should be completely fine for your purpose, but using a Web Application Firewall might cause a delayed loading-time for your content on your website. Some hosting providers usually offers integrated options for this as well, but it is not necessary to use a WAF.



Hopefully, this tutorial will help a few website owners securing their websites. I hope you enjoyed reading this tutorial, and I wish you the best of luck with your digital venture.