How do I secure my WordPress site?
WordPress is one of the most popular Content Management Systems (CMS), and with good reason. WordPress is easy to use and has a low learning curve, so anyone can set up a WordPress site easily and quickly. However, because of its popularity, WordPress is also an attractive target for malicious people. If you use outdated plugins or do not update your WordPress version, a vulnerability can easily be exploited. For this reason we always advise regularly updating your WordPress version and the plugins you use to the latest stable version, and we want to pass the importance of this on to our customers. This time via a blog post.
The write permissions on a WordPress website.
The write permissions of a WordPress website are very important for keeping your website safe. Write permissions mean that files and pieces of code can perform an action on your web hosting space, such as creating a file or uploading an image. WordPress does need write permissions on certain folders in order to work on your website. This is the folder wp-content, which is located directly in the wwwroot of your hosting space. Read and write permissions can be given here. This way you can perform almost all actions in the WordPress admin.
To see how to set write permissions, you can consult this article.
Your passwords for your WordPress website and database
The first line of defense for secure WordPress web hosting is strong passwords. We recommend using a random password for the database. This is a login that in most cases will only be used a few times and can be stored in a safe place. The random password generator can be set to 24 characters, for example, to create the following password:
Y6qA@&cxbaAmD208LogqOn&W
Your WordPress admin password is of course a different story: it will be used regularly to log in. Still, this should be a difficult password. We still often see passwords like admin admin, preview, or the login loginJan with loginJan as the password. This is not the smartest thing you can do. Try to come up with a unique password or a passphrase built around a random object/subject, like TheKl2dBlok^MyDesk1sVanEur1d. Then log in with it a few times in a row to burn the password into your memory. You can of course store it in a safe place, but make sure it is offline and under lock and key.
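The two password recommendations above, as an added example that is not part of the original article: a 24-character random database password generated with Python's secrets module, and a check that rejects admin passwords of the kind listed above. The function names, the symbol set and the minimum length of 12 are assumptions made for this example.

```python
import math
import secrets
import string

# Quotes and backslashes are left out so the value can be pasted into a
# configuration file unchanged (a choice made for this example).
SYMBOLS = "!@#%^&*"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Weak values named in the text above, plus "password" (added for the example).
COMMON = {"admin", "preview", "password"}


def generate_password(length=24):
    """Return a random password that contains every character class."""
    if length < 4:
        raise ValueError("length must allow one character of each class")
    while True:
        # secrets draws from the operating system's CSPRNG, unlike random.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in SYMBOLS for c in candidate)):
            return candidate


def entropy_bits(length=24, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


def is_weak_admin_password(username, password, min_length=12):
    """Flag short or common passwords and ones built from the username."""
    user, pw = username.lower(), password.lower()
    return (len(password) < min_length
            or pw in COMMON
            or (user != "" and user in pw))


if __name__ == "__main__":
    print(generate_password(), f"(about {entropy_bits():.0f} bits)")
    print(is_weak_admin_password("loginJan", "loginJan"))
```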
Using 2-factor authentication
To come back to the passwords: you can also set up 2-factor authentication. This can be done by installing a plugin like DUO, with which MijnHostingPartner.nl has good experiences. 2-factor authentication is the combination of entering your password when logging in to the WordPress admin and approving the login via your smartphone. This way you also see immediately when someone tries to log in, and you can take immediate action if necessary.
Securing the WP admin directory
Securing the WordPress admin directory is another layer you can add to deny visitors access to the admin URL. This can be set up in two ways. The easiest way is to set up a .htaccess for the WordPress hosting space through the control panel. The second way is to set this up via the web.config file. This is also explained in a previous article. To get to the admin login URL you will then need an additional password.
SSL certificate for your WordPress website
SSL certificates are increasingly in the news: the latest versions of Google Chrome and Firefox already show a warning when a site does not use a secure connection.
This is obviously the last thing you want when you have a webshop or an official site running on WordPress hosting. An SSL certificate can be ordered at MijnHostingPartner.nl, see here for more information.
Backup your WordPress website and database
Making backups of your WordPress hosting space is very important, so that you can always restore a version when something goes wrong during an update. MijnHostingPartner.nl makes server image backups and no individual hosting space backups. It is possible for us to deliver a backup, but there are costs involved. Save yourself the costs and effort by setting up an automatic backup through the control panel. This can be done for both the database and the website files.
MijnHostingPartner.nl also offers support for a number of WordPress plugins that create an automatic backup of the database. However, we always recommend using the backup method of the control panel, because we have it in our own hands and can guarantee it.
Disable directory browsing in your web hosting space
Directory browsing is a setting within the control panel that makes it possible to view all folders within your WordPress hosting space. It is not recommended to have this active and it can be turned off or on within the control panel under websites. By default this is off in all hosting spaces and it is recommended to keep it that way.
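A way to verify the extra admin password and the directory browsing setting described above, as an added example that is not part of the original article: it inspects HTTP responses captured from your own site. The Response type, the function names and the example.test sample responses are constructed for illustration, and the listing markers are heuristics.

```python
from dataclasses import dataclass, field


@dataclass
class Response:
    """One captured HTTP response (the samples below are constructed)."""
    url: str
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


# Text that auto-generated listings contain: Apache and nginx print
# "Index of /path", IIS prints a "[To Parent Directory]" link.
LISTING_MARKERS = ("<title>index of /", "[to parent directory]")


def directory_listing_enabled(resp):
    body = resp.body.lower()
    return resp.status == 200 and any(m in body for m in LISTING_MARKERS)


def admin_has_extra_password(resp):
    """True when the server asks for HTTP authentication before WordPress."""
    headers = {k.lower(): v.lower() for k, v in resp.headers.items()}
    challenge = headers.get("www-authenticate", "")
    return resp.status == 401 and challenge.startswith(("basic", "digest"))


def audit(responses):
    findings = []
    for resp in responses:
        if "/wp-admin" in resp.url:
            if not admin_has_extra_password(resp):
                findings.append(f"{resp.url}: no extra password on the admin")
        elif directory_listing_enabled(resp):
            findings.append(f"{resp.url}: directory browsing is on")
    return findings


SAMPLES = [  # constructed responses: a hardened site and an unhardened one
    Response("https://example.test/wp-admin/", 401,
             {"WWW-Authenticate": 'Basic realm="Admin"'}),
    Response("https://example.test/wp-content/uploads/", 403),
    Response("https://staging.example.test/wp-admin/", 302,
             {"Location": "/wp-login.php"}),
    Response("https://staging.example.test/wp-content/uploads/", 200,
             body="<html><head><title>Index of /wp-content/uploads</title>"),
]
```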
WordPress web hosting at MijnHostingPartner.nl
We hope that we have been able to stimulate some customers to take action. For more questions you can start an online chat directly during office hours; of course you can also create a ticket for this in the customer panel. The employees of MijnHostingPartner.nl will help you quickly.