-
Home
-
Knowledge Base
-
David J Steele
- Is WordPress Secure?
Knowledge Base
Is WordPress Secure?
Is your WordPress site protected, secured, locked down?
According to W3Techs, WordPress is used by 43.2% of all websites on the internet. Hackers know this, and unfortunately, due to its popularity, it makes WordPress sites a target. Is the WordPress core secure? Yes, very secure, but you need to keep WordPress updated to the latest version, and you should only use reputable, legitimate plugins and modules. Using strong passwords, two-factor authentication, captcha, and SSL is also recommended, and hosting your site with a secure WordPress provider.
Are WordPress themes secure? Not always.
At Intrada, we build our themes custom to our client’s specific needs. This increases the development cost starting with a basic framework and building the templates, functions, menus, and styles from scratch, but provides the client with a secure, fast, and responsive result. Some quality theme sites follow the recommended code standards, and others are coded poorly, causing problems when modified, or are very slow because they are bloated with extra code that is sometimes never needed. This can be quickly verified by running a program like W3C’s validator or Google Lighthouse to check the site performance related to desktop and mobile.
As security concerns continue increasing, hackers have access to additional resources to learn about exploits and other vulnerabilities. These security releases are provided to help and guide the WordPress development community on how to protect their sites but are also used by hackers to exploit unprotected sites. Most attacks on WordPress come from brute-force attempts, cross-site scripting, backdoors, and Database Injections.
 |
A few key points to securing your WordPress website:
- Keep the WordPress core updated to the latest version.
- Use only reputable, legitimate plugins and modules.
- Keep all plugins and modules updated to the latest versions.
- Remove any unused plugins and modules.
- Use captcha.
- Only allow strong passwords in user accounts.
- Enable two-factor authentication to user accounts.
- Install a reputable WordPress security plugin that can scan your site for malware.
- Enable SSL on all traffic.
- Host your site with a WordPress Secure Host.
- Make sure you are using the latest PHP versions.
- Check user accounts and remove unnecessary users.
- Limit user accounts to only functions necessary.
- Disable file editing in the WordPress dashboard.
- Change the default WordPress login URL.
- Change the database file prefix.
- Disable the xmlrpc.php file.
- Consider setting up a new admin and disabling the default WordPress admin account.
- Consider hiding your WordPress version.
- Back up your site after all significant changes.
If you would like one of our optimization or security specialists to review your site or provide an optimization and security review, contact James Haywood at 570.321.7370 or click here.
About the author
|
Contact Information: |
Hours of Operation: |
OUR FOCUS
Intrada Technologies is a full-service web development and network management company with a focus on creating ongoing, trusted partnerships with each of our clients.
We make sure our clients have what they require to run their businesses with maximum efficiency and reliability, as many of their needs are mission-critical.
Our unique, collaborative partnerships allow us to provide our clients with the assurance that we will be there when they need us.