There are many concerned about WordPress security from hacking and other malicious activity. This is a topic that is continually coming up and I'm constantly informing our customers. Let's start with the basics.
Is WordPress secure?
Not unless you do some basic maintenance first. This is the most common problem when developers without a lot of experience start working with it. Out of the box we need to do some basic hardening, follow best practices, and perform on-going maintenance.
- WordPress Hardening - When a new install of the software is put on a hosting account the software is generic and needs certain things done to secure the site. Click here for step by step instructions.
- WordPress Configuration - Make sure you use a salt for a secret key to the installation. Update wp-config with these.
- Keep software up to date - WordPress and plugin updates are getting more frequent and almost on a daily basis. Out of the box WordPress doesn't do this for you. There are ways to have this done automatically via auto-updates.
- Use strong passwords - These are indicated in your admin when you update your password or reset for ALL users. A site is only as strong as the weakest link.
- Install extra security plugins - These are constantly changing but if you look this up you can find great resources for these.
- Make sure you have on-going backups with verifiable restores. That means testing the restoration process or you may not have a backup at all.
Hacking is a random occurance which gives a false sense of security for website vulnerabilities. Your website can go for years without being noticed even if it's an easy target. So it's best to be proactive and make sure you lock it down in the beginning and avoid down time and extra costs for repair.
If your site gets hacked we can usually repair it unless it's been heavily compromised. Think of termites in your house. The infection may go unnoticed for months and cause greater damage.
I get asked a lot why are websites getting hacked? There are many reasons for this from simply defacing a website for fun to putting spam links for black hat SEO.
If you think your site has been hacked we can help. We can do a diagnostic and scan for any malware and determine if it's clean or we can repair it. To schedule a consultation just give us a call or send us a message.