PROTECT YOUR WEBSITE
Joss Barnes

Joss Barnes

Founder of Twisted Spire Digital Media.
joss@twistedspire.co.uk

Five Essential Steps to protect your WordPress website

With a substantial increase in cybercrime and a direct link between website security and SEO rankings, it has never been more essential that You Protect your WordPress website and make it as secure as possible.

As a small business owner, reputation is paramount to success, and failure to protect yourself and protect your WordPress website visitors against any known and avoidable issues could be detrimental to success. 

At Twisted Spire, our website designers use purely WordPress for numerous reasons but ultimately because it is the most popular and robust platform available, powering nearly one-third of the world’s websites, which means it will not simply ‘boom and bust’ or fizzle out of existence any time soon. 

However, because WordPress is so popular worldwide, it also gets a large proportion of unwanted attention which is why as a website owner, you need to be a little more vigilant regarding security.

So, what can you do to protect yourself? Here are my five essential steps to protect your WordPress website that you can do today, to protect your WordPress website from the majority of malicious attacks. 

protect your wordpress website

Essential Step to Protect Your WebsiteHide the Admin Area

Why do people not restrict access to the WordPress admin area? 9.5 times out of 10 when conducting a security health check on a client’s online presence I find that the admin area is openly exposed to Joe Public and ripe for a brute force attack where someone can try to hack in (with ease for people with the right tools) – it’s the same as leaving a front door key under the welcome matt, you are simply inviting trouble in.

Try it out yourself right now and check five of your direct competitors above and below you in Google Rankings by simply typing either /wp-admin or wp-login.php after their website address. How many do you think you will find with open access to their admin area?  3, 6, 9?

There are many plugins available to hide the admin area, but WPS Hide Login is my favourite choice as it is a very light plugin that lets you easily and safely change the URL of the login page to anything you want and works on any WordPress website.

Once installed, go to the settings tab and enter a new login area as shown below.

2 Essential Steps to Protect Your WebsiteUse Two Factor Authentication (2FA)

We all know or have certainly used Two-Factor-Authentication before, its a method becoming more and more popular for logging into sensitive places like bank accounts and social media profiles and is a method of securing accounts requiring that you not only know something (a password) to log in but also that you possess something (a mobile device). The benefit of this approach to security is that even if someone guesses your password, they need to have also stolen a physical possession to break into your account. 

My preference for this is a plugin called WordFence which has a host of powerful security features including 2FA. 

After entering your username and password to enter the admin area, you are required to enter a code from either your mobile phone or a secret code that was given to you when the system was set up.

3 Essential Steps to Protect Your WebsiteKeep your WordPress site and plugins up-to-date

It is VITAL to keep your core WordPress files and any plugins updated to their latest versions. Most of the new WordPress and plugin versions contain security patches. Even if those vulnerabilities cannot be easily exploited most of the time, it is important to have them fixed

At Twisted Spire we check and update our clients managed websites daily to ensure that all vulnerabilities are patched as soon as the relevant information is available as part of one of our core services. 

5 essential steps to secure your website

4 Essential Steps to Protect Your WebsiteLimit Login Attempts

You can limit the number of times the wrong password or username is used to try to enter a website and block the offender for a set amount of time. This reduces the chances of malicious brute force attacks being successful – provided your username isn’t ‘admin’ and password ‘1234forgetmenot’. 

White list IP Address

If you only use a single point to access your website’s admin area, such as a home or works computer, consider whitelisting your IP address.

By whitelisting your IP address you will be only allowing access to your website from a device connected to the home or work network. 

If however, you like to access the admin area of your website from different locations, such as when out and about and using a laptop in Costa Coffee (NOT RECOMMENDED) then whitelisting the IP address would not be recommended as it is the IP address of the network you are using to connect to the internet – not the actual machine (laptop) you are using.

Ensure your computer is free of viruses and malware

If your computer is infected with a virus or malware software, a potential attacker can gain access to your login details and make a valid login to your site, bypassing all the measures you’ve taken before. This is why it is very important to have an up-to-date antivirus program and keep the overall security of all computers you use to access your WordPress site on a high level.

My advice is DO NOT USE free anti-virus software, you are just asking for trouble, instead, invest in a well-known brand, avoid buying directly from the software developer and shop around, there are often some great offers available from PC World as well as online platforms. I recently got a great deal on Amazon – probably the last place people would think of buying anti-virus software.  

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on email
  • All
  • How-To Master Your WordPress Website
  • How-To Succeed With SEO
  • Optimise Your Website Security
All
  • All
  • How-To Master Your WordPress Website
  • How-To Succeed With SEO
  • Optimise Your Website Security
what is seo

WHAT IS SEO AND HOW DOES SEO WORK?

Why hello and congratulations. Out of the other 21 million websites that can answer your search query, you have been lucky enough to land here. …

Read More →
free seo tools

Goggle Search Console – Your Favorite & Most Powerful SEO Tool

Google Search Console – The most powerful FREE tool in your SEO arsenal. For those of you who are yet to discover how valuable Google …

Read More →
google map listings

Ultimate How To Boost Your Local Google Website Ranking in 4 Easy Steps

Are you struggling to get your business seen in the local google website ranking? These three customers were but dont worry, you won’t be for …

Read More →
6 things to plan with your new website

6 Vital Things to Consider When Planning Your New Website 2021

Are you thinking about creating a new website for your business? Here are 6 Vital Things to Consider When Planning Your New Website 2021 and …

Read More →
why you should update your website

Why you should update your website or rebuild it

First impressions count as there are no second chances to make a first impression. Why should you update your website?, what is the first impression …

Read More →
Scroll to Top
need help with your website security?
we have you covered