How do you keep your site secure? We call it “hardening” your website. Here’s your Security Checklist: The Top 7 Best Steps for a Secure WordPress Website.
1) Secure Hosting
According to WPTemplate, 40% of hacked sites are due to poor hosting. How do you choose the best host for your site? I recommend SiteGround for website hosting. You can also compare Siteground with other hosts: https://wpshout.com/best-wordpress-hosting-2019/
2) Secure Passwords
Yup, this is still a thing. Do yourself a huge favor and check out this article which will ask “Are my passwords secure?” You’ll learn how to create a secure password that you can actually remember. Therefore, no need to install more password apps.
3) Keep Up-To-Date
Keep your plugins and core updated. This is kind of a no-brainer, yet still a good reminder. Your WordPress website is like software on a server. There are frequent updates, and not just to WordPress; there are updates to your plugins as well.
4) Backup SOP
And before you make those updates (should I move this up one?) be sure you have a backup and recovery workflow set in place. Updraft is an excellent backup system I install for my clients. UPDATE: I am switching over to MalCare – This service is really amazing and provides better service than what Updraft and WordFence offer, combined, and costs less.
Clean up any unused plugins and themes. We all have them. Those plugins that we tried and then deactivated. One of these plugins are for sliders, or image galleries, or megamenus. Well, plugins are like season clothes; If you can’t use them, toss them out of your wardrobe.
6) Managed Users
Minimize the number of users. There should be only one admin on your site. Any others you can create roles and capabilities for your editors. Your users need to have secure passwords (see above) and the admin can NOT be named admin. That’s a given, right?
7) Security Plugins
You can find a lot of articles online that list comparisons of WordPress security plugins. There are some very good plugins. I’ve used several and have found WordFence to be my favorite. It had login attempts limitations, country blocking, email notifications and a slew of other great features. That being said… I am now testing Malcare and love it so far!