How do I keep my WordPress website secure?
If you are using WordPress on your hosting then of course you want the website to run as well as possible. After all, the idea is that the website is fast, but it also needs to be a secure website.
You don't want malicious users to take over your website and abuse it. It is therefore important that you know what you can do to protect your WordPress website against this.
In this blog post we will cover how you can keep your WordPress hosting safe from attacks.
Passwords
It's important that people don't just walk into your admin environment. So you need a strong password for this. Now you might be wondering how to set up a strong password, luckily you can easily fix this.
Passwords like "test123" or the name of your pet will not be strong passwords, malicious users can guess them quite easily. This is because a strong password uses upper and lower case letters, numbers and special characters.
You can make up your own password, however, it may be that they are still easy to guess. We have developed our own password generator for this purpose. With this you always have a strong password that is virtually impossible to guess.
The admin page
Most WordPress users will be able to get to their admin page by typing /wp-admin behind the link. However, it is also possible to customize this. There are several plugins that allow you to modify the link from /wp-admin to any link you want.
For example, you have the possibility to change /wp-admin to /mhp-login, you can use this very well to circumvent malicious people, theywill be less likely to find your admin page making it much harder to try to log into your admin environment.
There are also other changes you can apply to your admin page. For example, limiting the number of login attempts.
This makes it impossible for malicious users to perform a brute force attack on your admin environment.
In a brute force attack, all different login combinations are tried on your website. The plug-in can then intercept these attempts and make it impossible for malicious users to do this, they will be blocked.
It is also advisable to make use of Two Factor Authentication. A code will be generated on your phone that you need to fill in on your website to log in further.
If malicious users guess your password, they still need to enter the code.
Your files and write permissions
Of course you can also do a number of things to protect your files and database. For example, it is best to leave the write permissions off unless you need to make a change to your website.
Malicious people can make use of the write permissions to make changes to your website. You must have the write permissions on when installing WordPress, after this you can generally turn them off.
Of course it is also important to properly secure your database, think not only of a strong password but also the prefix, for example. WordPress is known for using wp_ as the prefix for their database.
As a result, database tables are created with wp_ in front of the name, but you can change this during the installation of WordPress. During the installation you need to specify the database data, here you will also see that you can change the prefix.
If you want a website that is as secure as possible you need to change this. You can use almost anything, for example mhpPrefix_. The tables will then also be in the database.
Maintenance
Now that you might have this set up on your WordPress hosting, you are not completely safe. You also need to maintain your own website, for example by installing updates.
This applies to WordPress itself but also for your plug-ins and the theme you use. Besides the fact that there are often new additions to these updates, it is also true that many of these updates are for security reasons.
Maintaining your website can sometimes take a lot of time, luckily MijnHostingPartner has a solution for this. You can use Managed WordPress Hosting, most of the maintenance is done automatically.
Each update is performed automatically for you so you do not have to do this yourself. You can then focus on more important things like building and developing your website.
If you have any further questions on this subject you can always check if one of our chat operators is present. If no one is on the chat you can create a ticket to our helpdesk. It is also possible to contact us via Twitter or Facebook.